Hey there, I am really new to Watcher and I was hoping someone could answer my question and help me as much as they can.
I am looking to set a watcher that will tell me when a DNS response name has been found in my "links" field. If they are a match then it should log / send email etc.
My question is, can a watcher find if the response is contained in the array? And if so, how exactly would one go about writing a watcher like that?
I read a bit about the chain watcher ability where I can basically search two different queries and if they match I can then alarm based on it. I took the skeleton that looks something along the lines of this but I am really unsure this will work :\
```json
{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "chain": {
      "inputs": [
        {
          "first": {
            "simple": {
              "Links": ""
            }
          }
        },
        {
          "second": {
            "simple": {
              "dns.question.name": ""
            }
          }
        }
      ]
    }
  },
  "condition": {
    "script": {
      "source": "return ctx.payload.second.value.equals(ctx.payload.first.value)"
    }
  },
  "actions": {
    "log": {
      "logging": {
        "text": "they are equal!"
      }
    }
  }
}
```
My custom Json Array - "Links"
My field of dns response field
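
One way to write the watch asked about above, as an added example that is not part of the original post: a chain of two `search` inputs with a Painless condition that tests whether any recent DNS question name is contained in the `Links` array. The index names `links-index` and `packetbeat-*`, the `@timestamp` field, and the assumption that `Links` is stored as an array in a single document are all hypothetical and must be adapted to the real data.

```json
{
  "metadata": {
    "note": "Added example. Index names, @timestamp and the one-document layout of Links are assumptions."
  },
  "trigger": { "schedule": { "interval": "1m" } },
  "input": {
    "chain": {
      "inputs": [
        {
          "first": {
            "search": {
              "request": {
                "indices": ["links-index"],
                "body": { "size": 1, "_source": ["Links"], "query": { "exists": { "field": "Links" } } }
              }
            }
          }
        },
        {
          "second": {
            "search": {
              "request": {
                "indices": ["packetbeat-*"],
                "body": {
                  "size": 500,
                  "_source": ["dns.question.name"],
                  "query": {
                    "bool": {
                      "filter": [
                        { "exists": { "field": "dns.question.name" } },
                        { "range": { "@timestamp": { "gte": "now-1m" } } }
                      ]
                    }
                  }
                }
              }
            }
          }
        }
      ]
    }
  },
  "condition": {
    "script": {
      "source": "def f = ctx.payload.first.hits.hits; if (f.size() == 0) { return false; } def links = f[0]._source.Links; if (!(links instanceof List)) { links = [links]; } for (def h : ctx.payload.second.hits.hits) { def name = h._source?.dns?.question?.name; if (name != null && links.contains(name)) { return true; } } return false;"
    }
  },
  "actions": { "log": { "logging": { "text": "DNS question name found in Links" } } }
}
```

The `contains` check is an exact, case-sensitive string comparison, so the entries in `Links` must be stored in the same form as `dns.question.name` (bare hostnames with matching case), and only the 500 most recent hits from the last minute are examined on each run.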