Watcher creation help

ffmdsuperit · September 27, 2022, 8:20pm

Hello! I'm very new to Elasticsearch and I am attempting to create a Watcher, but I just can't seem to put the pieces together.

I have a index named "transactions". For that index I run this query "TerminalID : 999999 and day_of_week : Fri and OurTime: 11*" and last Friday it returned 7 results when I run it at 12:00PM.

I'd like to have the Watcher look at "1 week ago" till "Today", it should run at 12:00PM, and if the matching results are less than X then trigger an email alert.

Just testing a basic search I have the below "code", but I'm not sure how to limit the search to "1 Week Ago until Today". And I'm not sure this format could translate to a Watcher.

GET /transactions/_search
{
    "query": {
      "query_string": {
        "query": "TerminalID : 999999 and day_of_week : Fri and OurTime: 11*"
      }
    },
    "fields": [
      "TerminalID",
      "day_of_week",
      "OurTime"
    ]
}

I'd really appreciate some assistance with this. Thank you.

system · October 25, 2022, 8:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Watcher elastic query Kibana elastic-stack-alerting	5	294	July 19, 2021
Watcher Timestamp showing in EPOCH Elasticsearch elastic-stack-alerting	4	905	October 1, 2021
Current Date in watcher Elasticsearch	6	103	April 18, 2024
Watchers: querying for multiple strings in timeframe Elasticsearch elastic-stack-alerting	2	987	August 20, 2020
Watcher - Alert on any new data Elasticsearch elastic-stack-alerting	2	399	December 4, 2018

Watcher creation help

Related topics