I am trying to see how watcher works. For that I am trying some use cases.
Here is one:
monitoring-server@monitoring-server:/var/log/logstash$ curl -XPUT 'localhost:9200/_xpack/watcher/watch/alpha_server_watch4?pretty' -H 'Content-Type: application/json' -d'
{
  "trigger" : {
    "schedule" : { "interval" : "10s" }
  },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "api_indexer" ],
        "body" : {
          "query" : {
            "match" : { "response": "400" }
          }
        }
      }
    }
  },
  "actions" : {
    "notify-slack" : {
      "throttle_period" : "5m",
      "slack" : {
        "account" : "vodrive",
        "message" : {
          "from" : "watcher",
          "to" : [ "#bugs_alpha" ],
          "text" : "System X Monitoring"
        }
      }
    }
  }
}
'
I have configured the account in the elasticsearch.yml file.
The thing is that when I create it, the Slack channel receives a notification only at that time.
After that, when the condition is matched, that is, response=400, it does not notify me at that time. It is sending notifications, but at random times, and not all the notifications.
Is there something I need to know?
Also, I made these just for testing purposes; how do I delete those watches now?
Moreover, the webinar for Watcher is not playing; it gives a playback error after 10 seconds.
https://www.elastic.co/webinars/watcher-practical-alerting-for-elasticsearch
Please tell me how to enhance it more.
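
An added example, not part of the original post: the watch as posted has no `condition` block, which Watcher treats as always met, so the Slack action runs on the 10s schedule (limited to once per `throttle_period`) whether or not a new 400 was indexed. The sketch below keeps the post's trigger, index, query and Slack action, adds a condition and a time window, and includes the delete call for test watches. Assumptions: documents in `api_indexer` carry an `@timestamp` field, and the function names and `ES_URL` variable are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not the poster's code.
# Assumptions: @timestamp exists on the documents; ES_URL is the cluster address.
ES_URL="${ES_URL:-localhost:9200}"

# Watch body: (1) a range filter so each run only sees recent documents,
# (2) a compare condition so the action runs only when the search matched.
watch_body() {
  cat <<'EOF'
{
  "trigger": { "schedule": { "interval": "10s" } },
  "input": {
    "search": {
      "request": {
        "indices": [ "api_indexer" ],
        "body": {
          "query": {
            "bool": {
              "must":   { "match": { "response": "400" } },
              "filter": { "range": { "@timestamp": { "gte": "now-10s" } } }
            }
          }
        }
      }
    }
  },
  "condition": { "compare": { "ctx.payload.hits.total": { "gt": 0 } } },
  "actions": {
    "notify-slack": {
      "throttle_period": "5m",
      "slack": {
        "account": "vodrive",
        "message": { "from": "watcher", "to": [ "#bugs_alpha" ], "text": "System X Monitoring" }
      }
    }
  }
}
EOF
}

# Create or update a watch by id, e.g.: put_watch alpha_server_watch4
put_watch() {
  watch_body | curl -sS -XPUT "$ES_URL/_xpack/watcher/watch/$1?pretty" \
    -H 'Content-Type: application/json' --data-binary @-
}

# Remove a test watch by id, e.g.: delete_watch alpha_server_watch4
delete_watch() {
  curl -sS -XDELETE "$ES_URL/_xpack/watcher/watch/$1?pretty"
}
```

With `throttle_period` left at 5m, at most one Slack message is sent per five minutes even when several 400s arrive; widen the `now-10s` window if ingestion into the index lags behind the schedule.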