Watcher - Alert on any new data

kpover · November 6, 2018, 11:43am

Hello,

I'm just getting started with Watcher. As a test I would like to create a very simple watcher that alerts whenever new data is added to an index. To provide some context, we have an index that is taking alerts from a number of other tools. I would like to create a watcher that then also alerts on these alerts coming in. I don't need any filtering or message searching as I would like the watcher to trigger on any alerts that are coming in. I've had a play with the match_all options but can't get it to work. Any suggestions?

Thanks in advance,
Kyle

spinscale · November 6, 2018, 12:57pm

Hey Kyle,

if the events, that you are indexing are coming with a timestamp when they have been created, you could have a search query in your watch, that searches for documents of the last 5 minutes or something and thus always get the most recent ones.

Would that solve your issue or did I miss something?

--Alex

Topic		Replies	Views
X-Pack watcher alarm "one new document indexed" Elasticsearch	5	731	December 5, 2016
Watcher elastic query Kibana elastic-stack-alerting	5	343	July 19, 2021
Elasticsearch indexes - watcher notifications Elasticsearch elastic-stack-alerting	9	1653	September 15, 2017
How to create a Watcher for no ingested logs for X minutes Elasticsearch elastic-stack-alerting	2	545	July 21, 2020
Alert when there is no data in index Kibana elastic-stack-alerting	4	1873	December 4, 2019

Watcher - Alert on any new data

Related topics