Watcher query

yasin · May 28, 2019, 2:23pm

Dear Team,

After searching for the monitor.status: down we wanted to add an extra output to slack to know for which host we have received it. Is that possible?

{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "heartbeat-*"
        ],
        "types": [],
        "body": {
          "size": 5,
          "query": {
            "match": {
              "monitor.status": "down"
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": 5
      }
    }
  },
  "actions": {
    "notify-slack": {
      "slack": {
        "account": "monitor",
        "message": {
          "from": "watcher",
          "to": [
            "elk"
          ],
          "text": "Core-Service Down:",
          "attachments": [
            {
              "color": "danger",
              "title": "Core-Service Down for customer:",
              "text": ""
            }
          ]
        }
      }
    }
  }
}

Larry_Gregory · May 28, 2019, 5:28pm

Hey @yasin,

The docs for slack actions give examples on how to inject data from your watcher input into the action itself. Check the bottom of this page: https://www.elastic.co/guide/en/elastic-stack-overview/7.1/actions-slack.html

system · June 25, 2019, 5:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Send link to search in slack Elasticsearch elastic-stack-alerting	6	1893	May 8, 2017
Watcher with Heartbeat and monitor status up Elasticsearch elastic-stack-alerting	1	475	July 30, 2020
Watcher help send mutple alerts Elasticsearch	6	346	April 29, 2019
X-Pack Watcher -- adding additional fields Elasticsearch elastic-stack-alerting	2	466	July 18, 2018
Watcher working once, but not more Kibana	2	375	December 16, 2019

Watcher query

Related topics