Watcher not triggering alerts

Hello. We set up an ML job to identify anomalous events which runs every 15 minutes. While the job is able to find the events, the watcher that runs every 15 minutes is not triggered. Any tips on implementing the watcher to pick up results from the ML job will be helpful.

Make sure the "look back" interval of the query the Watch makes to the .ml-anomalies-* index pattern is 2 times the value of the bucket_span of the ML job. So, if the bucket_span is 15m, then your query in your Watch should look back over the last 30 minutes - something like:

          "query": {
            "bool": {
              "filter": [
                {
                  "term": {
                    "job_id": "my_jobname"
                  }
                },
                {
                  "range": {
                    "timestamp": {
                      "gte": "now-30m"
                    }
                  }
                },
                {
                  "terms": {
                    "result_type": [
                      "bucket",
                      "record",
                      "influencer"
                    ]
                  }
                }
              ]
            }
          },
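
Why a look-back equal to the bucket_span finds nothing, as an added example that is not part of the original posts: an ML result is stamped with the start time of its bucket but is only written after that bucket closes, so by the time the watch runs the result is already older than one bucket_span. The `write_delay` and `watch_offset` values and the function names are assumptions made for this sketch.

```python
import json

UNIT_MINUTES = {"m": 1, "h": 60, "d": 1440}

def span_minutes(span):
    """Convert an Elasticsearch time value such as '15m' or '1h' to minutes."""
    return int(span[:-1]) * UNIT_MINUTES[span[-1]]

def build_query(job_id, bucket_span, multiplier=2):
    """Query from the answer above, with the look-back derived from bucket_span."""
    lookback = span_minutes(bucket_span) * multiplier
    return {"bool": {"filter": [
        {"term": {"job_id": job_id}},
        {"range": {"timestamp": {"gte": f"now-{lookback}m"}}},
        {"terms": {"result_type": ["bucket", "record", "influencer"]}},
    ]}}

def times_seen(bucket_span, lookback, write_delay=2, watch_offset=5, buckets=8):
    """Count how many watch runs return each bucket's result (times in minutes).

    Model: a result carries the bucket's start time as its timestamp but is
    written only once the bucket has closed, write_delay minutes later (assumed
    value standing in for query_delay plus processing). The watch fires every
    bucket_span minutes, watch_offset minutes after a bucket boundary (assumed).
    """
    span = span_minutes(bucket_span)
    seen = {}
    for k in range(buckets):
        start = k * span                      # value of the result's "timestamp"
        written = start + span + write_delay  # when the result becomes searchable
        runs = (watch_offset + j * span for j in range(buckets + 2))
        seen[start] = sum(1 for w in runs if written <= w and start >= w - lookback)
    return seen

if __name__ == "__main__":
    print(json.dumps(build_query("my_jobname", "15m"), indent=2))
    print("look-back 15m:", times_seen("15m", 15))  # every bucket seen 0 times
    print("look-back 30m:", times_seen("15m", 30))  # every bucket seen once
```
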
