Is there possibility to delete index document from watcher as action? I haven't found a guide or documentation of how to do it. Maybe scripts can invoke elastic API, can't they?
My case is I want to have a static list of users and their permissions that will be updated after every logs ingestion and my watcher will compare every time the old list of permissions with the new one and alert on critical changes. Any other solutions of how it can be implemented?
Hi - thanks for asking. I'm passing along some info I saw in slack, I'm not an expert in Watcher, hope it helps:
A colleague notes: I suppose it’s possible to delete a document with Watcher by using a webhook action: Watcher webhook action | Elasticsearch Guide [8.3] | Elastic
...Just have it call back into ES through an HTTP DELETE?
They note, deleting documents with Watcher seems potentially suspect (maybe not advised?), and we'd want to discuss more about the use case and intention. It can help to help avoid design 'gotcha' problems down the road. I'll let the Watcher group post further. Hit back if you don't hear much, please. Cheers!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.