Watcher API Not Available

I'm trying to access Watcher API via my ES endpoint. I have 2 versions of the ES: 7.11 and 7.10, but both of the shouldn't have any differences as per the documentation.

Now, the endpoint /_watcher/_query/watches works fine with 7.11 and error is thrown with 7.10.

Below is the error:

{

    "error": {

        "root_cause": [

            {

                "type": "invalid_index_name_exception",

                "reason": "Invalid index name [_watcher], must not start with '_', '-', or '+'",

                "index_uuid": "_na_",

                "index": "_watcher"

            }

        ],

        "type": "invalid_index_name_exception",

        "reason": "Invalid index name [_watcher], must not start with '_', '-', or '+'",

        "index_uuid": "_na_",

        "index": "_watcher"

    },

    "status": 400

}

Hi @Munavir_Chavody Welcome to the community

The watcher API added the _query API in 7.11 it did not exist in 7.10.

Elasticsearch is progress of moving away from direct access to the underlying system indices so the query API was added

Previous 7.10 and before you would need to query the underlying .watches system indices which is not desirable.

in 7.10 to get a list of the watches via API

GET .watches/_search

Or you will need to know the ID of the watch ahead of time (via Kibana / Management / Watcher) and use the GET watches API

GET _watcher/watch/<watch_id>

Also just to point out the new Kibana Alerting Framework is very nice and supports DSL queries as well. It is generally a bit easier to use then watcher. You might want to check it out.

Hello @stephenb

Thank you so much for the answer. It works now. However I have another question: I just skimmed through the alerting framework that you've provided. Apart from making things user friendly, is there any changes to the alerting framework than the watchers? Also, from which version of Kibana does it support this feature.

Watcher and Kibana Alerting are completely separate implementations. They have nothing in common with respect to implementation, are not integrated or use any common components.

Think of watcher as legacy (although we will support for quite some time)

The of the Kibana Alerting framework as the future of alerting with the elastic stack.

Alerting framework started / beta I think in 7.7 but has matured significantly since then, and went GA in 7.11

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.