Hello! I'm very new to Elasticsearch and I am attempting to create a Watcher, but I just can't seem to put the pieces together.
I have an index named "transactions". For that index I run this query "TerminalID : 999999 and day_of_week : Fri and OurTime: 11*", and last Friday it returned 7 results when I ran it at 12:00PM.
I'd like to have the Watcher look at "1 week ago" till "Today", it should run at 12:00PM, and if the matching results are less than X then trigger an email alert.
Just testing a basic search, I have the "code" below, but I'm not sure how to limit the search to "1 Week Ago until Today". And I'm not sure this format could translate to a Watcher.

```
GET /transactions/_search
{
  "query": {
    "query_string": {
      "query": "TerminalID : 999999 and day_of_week : Fri and OurTime: 11*"
    }
  },
  "fields": [
    "TerminalID",
    "day_of_week",
    "OurTime"
  ]
}
```
I'd really appreciate some assistance with this. Thank you.
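One way to express the watch described in the post (daily run at 12:00, search over the last 7 days, alert when fewer than X hits), as an added example and not code from the original post. It assumes the index has a date field named `@timestamp` (the post does not name one), uses 5 as a stand-in for X and `ops@example.com` as a placeholder recipient, and writes the `query_string` operators in uppercase, which is the form query_string's parser recognises; the body is sent with `PUT _watcher/watch/low_fri_transactions`.

```json
{
  "trigger": {
    "schedule": {
      "daily": { "at": "12:00" }
    }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["transactions"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "must": [
                {
                  "query_string": {
                    "query": "TerminalID : 999999 AND day_of_week : Fri AND OurTime: 11*"
                  }
                }
              ],
              "filter": [
                {
                  "range": {
                    "@timestamp": { "gte": "now-7d/d", "lte": "now" }
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": { "lt": 5 }
    }
  },
  "actions": {
    "notify_ops": {
      "email": {
        "to": "ops@example.com",
        "subject": "Low Friday 11:00 transaction count for terminal 999999",
        "body": "Only {{ctx.payload.hits.total}} matching transactions in the last 7 days (expected at least 5)."
      }
    }
  }
}
```

Watcher schedules are evaluated in UTC by default, so adjust the `at` value for your local noon, and the `email` action only fires once an email account is configured in `elasticsearch.yml`; `size: 0` keeps the payload to the hit count, which is all the `compare` condition needs.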