Watcher http input : What is the expected response?

Hi team,

I am trying to build a watcher that calls an external web service to build the query and then fire an action.

 "input": {
    "http": {
      "request": {
        "scheme": "https",
        "host": "myhost",
        "port": 443,
        "method": "get",
        "path": "/es",
        "params": {},
        "headers": {}

The problem is that I don't understand from the docs what the response looks like. I'd like to send a query so that it gets executed on Elastic search, but I don't know what response the HTTP input is expecting.

This is the response I am trying at the moment, but it does not seem to work as it does not return any results, and there are results. I've replaced my query and my script with ${myquery} and ${myscript}

request: {
      indices: ['logstash-*'],
      rest_total_hits_as_int: true,
      body: {
        size: 0,
        query: {
          query_string: {
        aggs: {
          account_to_number: {
            terms: {
              min_doc_count: 100,
              size: 500,

Am I missing anything?

Thanks in advance

First, use the _execute endpoint in DevTools console to "test" the Watch (without fully saving it) and see the response in the right hand pane.

Second, use this example to see how one can extract information from the response to the webhook call: compare_shard_primary_and_replica · GitHub

Third, you will need to use chained inputs where you can take the info from one input type (here a webhook call) and pass that information onto a subsequent input type (in your case a query to Elasticsearch). See an example of chained inputs here: insight_watch.json · GitHub

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.