Using watcher to send notifications

I am trying to see how watcher works. For that I am trying some use cases.

Here is one,

monitoring-server@monitoring-server:/var/log/logstash$ curl -XPUT 'localhost:9200/_xpack/watcher/watch/alpha_server_watch4?pretty' -H 'Content-Type: application/json' -d'
{
  "trigger" : {
    "schedule" : { "interval" : "10s" }
  },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "api_indexer" ],
        "body" : {
          "query" : {
            "match" : { "response": "400" }
          }
        }
      }
    }
  },
  "actions" : {
    "notify-slack" : {
      "throttle_period" : "5m",
      "slack" : {
        "account" : "vodrive",
        "message" : {
          "from" : "watcher",
          "to" : [ "#bugs_alpha" ],
          "text" : "System X Monitoring"
        }
      }
    }
  }
}
'

I have configured the account in the elasticsearch.yml file.

The thing is that when I create it, only at that time the Slack channel receives a notification.

After that, when the condition is matched, that is the response=400, it does not notify me at that time. It is sending notifications but at random times, and not all the notifications.

Is there something I need to know?
Also, I made these just for testing purposes; how do I delete those watches now?

Moreover, the webinar for Watcher is not playing; it gives a playback error after 10 seconds.
https://www.elastic.co/webinars/watcher-practical-alerting-for-elasticsearch

Please tell me how to enhance it more.

Hey,

two things

  • First, you are using a throttle period of 5 minutes. Can you try without?
  • Second, use the execute watch API and the watcher history to find out what happens with further executions. Feel free to paste the latest watch history entry as well as the output of the execute watch API here.

Thanks!

--Alex
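
Added example, not part of the thread and not Elastic's code: a simplified Python model of how the 10s schedule and the 5m throttle_period in the posted watch interact. It assumes, per the Watcher documentation, that a watch with no condition block uses the always condition; the function names and the sample timeline of 400 responses are constructed for illustration.

```python
# Simplified model of Watcher's time-based action throttling.
# Times are seconds since the first scheduled run of the watch.

def simulate(duration_s, interval_s, throttle_s, condition_met):
    """Return [(t, status)] for each scheduled run.

    condition_met(t) -> bool models the watch condition. A watch without a
    "condition" block behaves like `lambda t: True` (assumed "always" default).
    throttle_s=0 is this model's way of expressing "no throttling".
    """
    results = []
    last_executed = None  # time of the last run whose action really fired
    for t in range(0, duration_s + 1, interval_s):
        if not condition_met(t):
            status = "condition_not_met"
        elif last_executed is not None and t - last_executed < throttle_s:
            status = "throttled"  # action suppressed, nothing sent to Slack
        else:
            status = "executed"
            last_executed = t
        results.append((t, status))
    return results


def notification_times(results):
    """Times at which the Slack action would actually have been sent."""
    return [t for t, status in results if status == "executed"]


# Constructed sample: 400 responses are only present from t=130s to t=200s.
def has_400(t):
    return 130 <= t <= 200


# Watch as posted: 10s interval, 5m throttle, no condition (always true).
as_posted = simulate(900, 10, 300, lambda t: True)
# Same schedule and throttle, with a condition tied to the 400 responses.
with_condition = simulate(900, 10, 300, has_400)
# Condition kept, throttle removed (the reply suggests trying without it).
no_throttle = simulate(900, 10, 0, has_400)

if __name__ == "__main__":
    print("as posted      :", notification_times(as_posted))
    print("with condition :", notification_times(with_condition))
    print("no throttle    :", notification_times(no_throttle))
```

In this model the watch as posted notifies on a fixed 5-minute cadence that is unrelated to when the 400 responses occur, while the throttled runs in between are the ones the watch history would show as suppressed.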

Thanks for that link and also throttle info.
