Hi Team,
I am trying to put an alert on ERROR patterns. There are 4 development environments and i have to write 4 alerts for the same pattern search. Can we write an alert on multiple indexes?
If yes, how to put index name in watcher:
Alert input, (it's not working):
"indices": [
"<env-*-json-log-{now/d}>"
],
---***
<\env--json-log-{now/d}>
---**
Indices are:
env-dev-json-log-2017.05.05
env-test-json-log-2017.05.05
env-qat-json-log-2017.05.05
env-uat-json-log-2017.05.05
this query will most likely not work in Elasticsearch either, so this is not directly a watcher issue. What you could do, is to write your watch and specify the environment as part of the watch metadata, so that your four watches stay the same otherwise.
Alternatively you could also execute all four queries in one watch using a chained input.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.