I'm trying to access Watcher API via my ES endpoint. I have 2 versions of the ES: 7.11 and 7.10, but both of the shouldn't have any differences as per the documentation.
Now, the endpoint /_watcher/_query/watches works fine with 7.11 and error is thrown with 7.10.
Below is the error:
{
"error": {
"root_cause": [
{
"type": "invalid_index_name_exception",
"reason": "Invalid index name [_watcher], must not start with '_', '-', or '+'",
"index_uuid": "_na_",
"index": "_watcher"
}
],
"type": "invalid_index_name_exception",
"reason": "Invalid index name [_watcher], must not start with '_', '-', or '+'",
"index_uuid": "_na_",
"index": "_watcher"
},
"status": 400
}
The watcher API added the _query API in 7.11 it did not exist in 7.10.
Elasticsearch is progress of moving away from direct access to the underlying system indices so the query API was added
Previous 7.10 and before you would need to query the underlying .watches system indices which is not desirable.
in 7.10 to get a list of the watches via API
GET .watches/_search
Or you will need to know the ID of the watch ahead of time (via Kibana / Management / Watcher) and use the GET watches API
GET _watcher/watch/<watch_id>
Also just to point out the new Kibana Alerting Framework is very nice and supports DSL queries as well. It is generally a bit easier to use then watcher. You might want to check it out.
Thank you so much for the answer. It works now. However I have another question: I just skimmed through the alerting framework that you've provided. Apart from making things user friendly, is there any changes to the alerting framework than the watchers? Also, from which version of Kibana does it support this feature.
Watcher and Kibana Alerting are completely separate implementations. They have nothing in common with respect to implementation, are not integrated or use any common components.
Think of watcher as legacy (although we will support for quite some time)
The of the Kibana Alerting framework as the future of alerting with the elastic stack.
Alerting framework started / beta I think in 7.7 but has matured significantly since then, and went GA in 7.11
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.