I'm just getting started with Watcher. As a test I would like to create a very simple watcher that alerts whenever new data is added to an index. To provide some context, we have an index that is taking alerts from a number of other tools. I would like to create a watcher that then also alerts on these alerts coming in. I don't need any filtering or message searching as I would like the watcher to trigger on any alerts that are coming in. I've had a play with the match_all options but can't get it to work. Any suggestions?
If the events that you are indexing come with a timestamp of when they were created, you could have a search query in your watch that searches for documents of the last 5 minutes or so, and thus always get the most recent ones.
Would that solve your issue or did I miss something?
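A watch along the lines suggested above, as an added example rather than code from the original thread: it runs every 5 minutes, searches a 5-minute window on the document timestamp, and fires only when at least one hit comes back. The index pattern `alerts-*`, the field name `@timestamp` and the logging action are assumptions; adjust them to your index.

```json
{
  "trigger": {
    "schedule": { "interval": "5m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": [ "alerts-*" ],
        "body": {
          "size": 0,
          "query": {
            "range": {
              "@timestamp": {
                "gte": "now-5m",
                "lt": "now"
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 0 } }
  },
  "actions": {
    "log_new_alerts": {
      "logging": {
        "text": "{{ctx.payload.hits.total}} new alert document(s) arrived in the last 5 minutes"
      }
    }
  }
}
```

Because the search window and the trigger interval are both 5 minutes, a document that is indexed late (after its `@timestamp`) can fall between two runs; widening the window slightly (for example `now-6m`) trades that gap for the chance of counting a document twice.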