Watcher input index wildcard

piyush · May 5, 2017, 8:20pm

Hi Team,
I am trying to put an alert on ERROR patterns. There are 4 development environments and i have to write 4 alerts for the same pattern search. Can we write an alert on multiple indexes?
If yes, how to put index name in watcher:

Alert input, (it's not working):
"indices": [
"<env-*-json-log-{now/d}>"
],

---***
<\env--json-log-{now/d}>
---**

Indices are:
env-dev-json-log-2017.05.05
env-test-json-log-2017.05.05
env-qat-json-log-2017.05.05
env-uat-json-log-2017.05.05

Thanks & Regards,

spinscale · May 15, 2017, 9:10pm

Hey,

this query will most likely not work in Elasticsearch either, so this is not directly a watcher issue. What you could do, is to write your watch and specify the environment as part of the watch metadata, so that your four watches stay the same otherwise.

Alternatively you could also execute all four queries in one watch using a chained input.

Hope this helps!

--Alex

Topic		Replies	Views
Match multiple searchs in single watcher Elasticsearch elastic-stack-alerting	2	1177	June 28, 2018
Create watcher using index pattern Elasticsearch elastic-stack-alerting	2	404	May 5, 2021
Watcher Rule Elasticsearch elastic-stack-alerting	8	416	August 31, 2022
Elasticsearch watcher multiple indices Elasticsearch elastic-stack-alerting	3	783	July 2, 2019
Monitoring Alerts Elasticsearch elastic-stack-alerting	3	684	October 9, 2017

Watcher input index wildcard

Related topics