Watcher input index wildcard

piyush · May 5, 2017, 8:20pm

Hi Team,
I am trying to put an alert on ERROR patterns. There are 4 development environments and i have to write 4 alerts for the same pattern search. Can we write an alert on multiple indexes?
If yes, how to put index name in watcher:

Alert input, (it's not working):
"indices": [
"<env-*-json-log-{now/d}>"
],

---***
<\env--json-log-{now/d}>
---**

Indices are:
env-dev-json-log-2017.05.05
env-test-json-log-2017.05.05
env-qat-json-log-2017.05.05
env-uat-json-log-2017.05.05

Thanks & Regards,

spinscale · May 15, 2017, 9:10pm

Hey,

this query will most likely not work in Elasticsearch either, so this is not directly a watcher issue. What you could do, is to write your watch and specify the environment as part of the watch metadata, so that your four watches stay the same otherwise.

Alternatively you could also execute all four queries in one watch using a chained input.

Hope this helps!

--Alex

system · June 12, 2017, 9:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Match multiple searchs in single watcher Elasticsearch elastic-stack-alerting	2	1136	June 28, 2018
Elasticsearch watcher multiple indices Elasticsearch elastic-stack-alerting	3	723	July 2, 2019
Create watcher using index pattern Elasticsearch elastic-stack-alerting	2	383	May 5, 2021
Wildcard suffix for indicies, aggregate for each index Elasticsearch elastic-stack-alerting	2	299	November 15, 2022
Watcher alert for matching multiple fields in same index Kibana elastic-stack-alerting	3	926	June 29, 2021

Watcher input index wildcard

Related topics