Watcher doesn't recognise chains

Elastic Stack Elasticsearch
1

I'm playing with what I can do with watcher and trying to get chains working. But I get an error when trying to upload the watch:

{"error":"WatcherException[failed to put watch [chain_tester]]; nested: InputException[could not parse input for watch [chain_tester]. unknown input type [chain]]; ","status":500}

here is a sample of what I've done (it's a pointless test):

{"trigger":{
    "schedule":{
      "interval": "1m"
    }
  },
  "input":{
    "chain":{
      "inputs": [
        {
          "first":{
            "search":{
              "request":{
                "indices": ["logstash-*"],
                "body":{
                  "query": {
                    "filtered": {
                      "query": {
                        "query_string": {
                          "query": "*"
                        }
                      },
                      "filter": {
                        "bool": {
                          "must": [
                            {
                              "range": {
                                "@timestamp": {
                                  "gte": "now-1m",
                                  "lte": "now"
                                }
                              }
                            }
                          ],
                          "must_not": []
                        }
                      }
                    }
                  }
                }
              }
            }
          },
          "second":{
            "search":{
              "request":{
                "indices": [".watch_history*"],
                "body":{
                  "query": {
                    "filtered": {
                      "query": {
                        "query_string": {
                          "query": "watch_id: chain_tester"
                        }
                      },
                      "filter": {
                        "bool": {
                          "must": [
                            {
                              "range": {
                                "@timestamp": {
                                  "gte": "now-1m",
                                  "lte": "now"
                                }
                              }
                            }
                          ],
                          "must_not": []
                        }
                      }
                    }
                  }
                }
              }
            }
          }
        }
      ]
    }
  },
  "condition":{
    "compare":{
      "ctx.payload.first.hits.total":{
        "gt":1200
      },
      "ctx.payload.second.hits.hits.0.result.condition.met":{
        "eq": false
      }
    }
  }
}

I can't see any syntax errors, so I'm guessing I might be missing something in configuration? Or we may have the wrong watcher version? (I didn't install this one and am not sure how to check the version).

2

Hi Nick,

We added Chained inputs in Watcher 2.1, which is compatible with ES 2.1. Do you know which version of ES you are running?

Thanks,
Steve

3

Hey,

since Elasticsearch 2.0 the watcher plugin number always resembles the Elasticsearch version, which implies that on an upgrade you have to update Elasticsearch itself as well as the watcher and license plugin.

So, in order to find out, if you are on the right version just open http://localhost:9200/ and check if the Elasticsearch version is 2.1.x

--Alex

4

Noted we're on 1.7.1.

I'll have a chat with the office about upgrading.

5

Upgraded but having other issues now. I'll open as a separate thread as they are separate.

6

Here is the new thread:

No responses yet so if anyone here can help it would be appreciated!