Using watcher to send notifications

sLuvpreet33 · May 16, 2017, 1:54pm

I am trying to see how watcher works. For that I am trying some use cases.

Here is one,

monitoring-server@monitoring-server:/var/log/logstash$ curl -XPUT 'localhost:9200/_xpack/watcher/watch/alpha_server_watch4?pretty' -H 'Content-Type: application/json' -d'
{
  "trigger" : {
"schedule" : { "interval" : "10s" } 
  },
  "input" : {
  "search" : {
  "request" : {
    "indices" : [ "api_indexer" ],
    "body" : {
      "query" : {
        "match" : { "response": "400" }
      }
    }
  }
}
  },"actions" : { "notify-slack" : {"throttle_period" : "5m", "slack" : {"account" :   "vodrive","message" : {"from" : "watcher","to" : [ "#bugs_alpha"], "text" : "System X Monitoring" }  }}}

}
'

I have configured the account in the elasticsearch.yml file.

The thing is that when I create it, only at that time the slack channel receives a notification.

After that, when the condition is matched, that is the response=400, it does not notify me at that time. It is sending notifications but at random time, and not all the notifications.

Is there something I need to know ?
Also I made these just for testing purposes, how to delete those watches now ?

Moreover the webinar for watcher is not playing, it gives a playback error after 10 seconds.
https://www.elastic.co/webinars/watcher-practical-alerting-for-elasticsearch

Please tell me how to enhance it more.

spinscale · May 16, 2017, 1:58pm

Hey,

two things

First, you are using a throttle period if 5 minutes. Can you try without?
Second, use the execute watch API and the watcher history to find out what happens with further executions. Feel free to paste the latest watch history entry as well as the output of the execute watch API here.

Thanks!

--Alex

sLuvpreet33 · May 17, 2017, 1:50pm

Thanks for that link and also throttle info.

system · June 14, 2017, 1:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.