mcku
December 21, 2015, 12:03pm
1
Hi All,
I am interested in evaluating watches from multiple inputs, as described in chain input approach on [watcher input ref]. (https://www.elastic.co/guide/en/watcher/current/input.html#input-chain ).
I am wondering if this is a valid scenario, or at least something that could be intended for by chain inputs:
first input is a search input,
second input is also a search input with parameters depending on ctx.payload.first.hits.hits._source
Is this a valid approach on the current watcher?
My initial attempts and feelings are mixed
Kind regards
spinscale
December 21, 2015, 1:20pm
2
Hey,
let me come up with an example (a somewhat artifical one though):
Let's execute two HTTP requests, one gets the cluster health and extracts it, and the other one uses this cluster health to execute a search query.
I fired up a single node and created an index, so that it is given, that the cluster health is yellow. The second request actually queries an index named yellow and logs the number of documents in it.
GET _cluster/health
PUT /yellow/foo/1
{"foo":"bar"}
PUT /_watcher/watch/cluster_health_watch
{
"trigger": {
"schedule": {
"interval": "10s"
}
},
"input": {
"chain": {
"inputs": [
{
"first": {
"http": {
"request": {
"host": "localhost",
"port": 9200,
"path": "/_cluster/health"
}
}
}
},
{
"second": {
"http": {
"request": {
"host": "localhost",
"port": 9200,
"path": "/{{ctx.payload.first.status}}/_search"
}
}
}
}
]
}
},
"actions": {
"log_result": {
"logging": {
"text": "Total HITS: {{ctx.payload.second.hits.total}}"
}
}
}
}
POST _watcher/watch/cluster_health_watch/_execute
GET /.watch_history*/_search
{
"size": 1,
"sort": [
{
"trigger_event.triggered_time": {
"order": "desc"
}
}
]
}
Hope this helps, if not please clarify!
--Alex
mcku
December 21, 2015, 1:50pm
3
Hi @spinscale Alex,
I am looking for something like the following. It appears that the second search in the chain does not get populated.
Thanks for your interest and cooperation!
{
"trigger": {
"schedule": {
"interval": "20s"
}
},
"input": {
"chain": {
"inputs": [
{
"first": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"firstindex"
],
"types": [],
"body": {
"query": {
"bool": {
"must": [
{
"match": {
"lang": "en"
}
}
]
}
}
}
}
}
}
},
{
"second": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"authorshipindex"
],
"types": [],
"body": {
"query": {
"bool": {
"must": [
{
"match": {
"userid": "{{ctx.payload.first.hits.hits.0._source.userid}}"
}
}
]
}
}
}
}
}
}
}
]
}
},
"condition": {
"always": {}
},
"actions": {
"log_error": {
"logging": {
"level": "info",
"text": "first {{#ctx.payload.first.hits.hits}} lang: {{_source.lang}} --> {{#ctx.payload.second.hits.hits}} author: {{_source.author}} \n {{/ctx.payload.second.hits.hits}} \n {{/ctx.payload.first.hits.hits}} \n "
}
}
}
}
spinscale
December 21, 2015, 4:22pm
4
Hey,
I see your issue now. Not every field supports the notion of templates (as this requires double parsing), only a few do (in the request input), see the docs at https://www.elastic.co/guide/en/watcher/current/input.html
That's tricky to support in the search input and requires some more thought. You could fallback to the http input for now though.
--Alex
.