Hi,
My goal: To create an alert that tells me when a customer has not received a log.
My problem: The name of the customer is within an aggregated field.
My question: How do I retrieve the customer name and how can I incorporate this changing field into in the action?
// Below is my watcher thus far
// Below is the aggregated query. Is it possible to retrieve the "key" field and have it appear in my action?
Any advice is greatly appreciated! 
Thank you in advance
Hi @spinscale,
I have yet to do my "action" section, which is where I am struggling.
For the time being, I have put in a "text" action.
//Watcher Executed output
Thank you,
Nhung
I don't know if this is correct, but am I on somewhat on the right track?
// Watcher action
I just realized we are talking across two threads here. I will stop replying to this one. Please keep it to a single thread. Thanks!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.