The examples on elastic.co seem to work unmodified in my environment, I am however having an issue:
This works and sends email:
0}[root@test75 ~]# curl -XPUT 'http://test45:9200/_watcher/watch/cluster_health_watch7' -d '{
"trigger" : {
"schedule" : { "cron" : "0 0/1 * * * ?" }
},
"input" : {
"search" : {
"request" : {
"indices" : [
"filebeat*"
"body" : {
],
"body" : {
"filtered": {
"query" : {
"filtered": {
},
"query": {
"match": { "response": 404 }
},
"filter": {
"range": {
"@timestamp" : {
"from": "{{ctx.trigger.scheduled_time}}||-5m",
"to": "{{ctx.trigger.triggered_time}}"
}
}
}
}
}
}
}
}
},
"actions" : {
"email_admin" : {
"email" : {
"to" : "kartik.unix@gmail.com",
"subject" : "404 recently encountered"
}
}
}
}'
{"_id":"cluster_health_watch7","_version":1,"created":true}[root@test75 ~]#
This does not:
PUT _watcher/watch/my-watch8
{
"trigger" : {
"schedule" : { "cron" : "0 0/1 * * * ?" }
},
"input" : {
"search" : {
"request" : {
"indices" : [
"filebeat*"
],
"body" : {
"query" : {
"filtered": {
"query": {
"match": { "response": 404 }
},
"filter": {
"range": {
"@timestamp" : {
"from": "{{ctx.trigger.scheduled_time}}||-5m",
"to": "{{ctx.trigger.triggered_time}}"
}
}
}
}
}
}
}
}
},
"condition" : {
"script" : "ctx.payload.hits.total > 1"
},
"actions" : {
"email_admin" : {
"email" : {
"to" : "kartik.unix@gmail.com",
"subject" : "404 recently encountered"
}
}
}
}'