Hi Guys,
I have a problem with my watcher. I am trying to search for nginx access response code 500 errors in the last 24h, but no results are found, and this is quite impossible. The dashboard tells me I have 2000+ hits in the last 24h.
Here is my JSON text. I must say that I'm a newbie with JSON and Watcher.
{
  "trigger": {
    "schedule": {
      "interval": "10s"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "filebeat*"
        ],
        "types": [],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "match": {
                    "nginx.access.response_code": "500"
                  }
                },
                {
                  "range": {
                    "date": {
                      "gte": "now-1h/d",
                      "lt": "now/d"
                    }
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "always": {}
  },
  "actions": {
    "send_email": {
      "throttle_period_in_millis": 300000,
      "email": {
        "profile": "standard",
        "attachments": {
          "attached_data": {
            "data": {
              "format": "json"
            }
          }
        },
        "priority": "high",
        "to": [
          "EMAILADRESS"
        ],
        "subject": "Encountered {{ctx.payload.hits.total}} Response code 500 errors",
        "body": {
          "text": "Too many error in the system, see attached data"
        }
      }
    }
  },
  "metadata": {
    "color": "red"
  }
}
I read all the discussions here and I tried over and over again, but with no results.
Thanks a lot!
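
An added example, not part of the original post: a small Python evaluator for the two date-math bounds in the watch's `range` clause, showing which time window they select at a given clock time. It handles only `now`, a `+/-N` offset and `/unit` rounding with `gte`/`lt`, where Elasticsearch rounds down to the start of the unit (in UTC by default); the sample clock times and the `now-24h` comparison clause are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

UNITS = {"m": "minutes", "h": "hours", "d": "days"}

# Bounds copied from the watch's range clause.
WATCH_RANGE = {"gte": "now-1h/d", "lt": "now/d"}
# Constructed comparison: a rolling 24-hour window without rounding.
LAST_24H = {"gte": "now-24h", "lt": "now"}
# Constructed clock times (UTC) at which the watch might fire.
AFTERNOON = datetime(2024, 5, 14, 15, 30, tzinfo=timezone.utc)
AFTER_MIDNIGHT = datetime(2024, 5, 14, 0, 30, tzinfo=timezone.utc)

def floor_to(ts, unit):
    """Round ts down to the start of its minute, hour or day."""
    if unit == "d":
        return ts.replace(hour=0, minute=0, second=0, microsecond=0)
    if unit == "h":
        return ts.replace(minute=0, second=0, microsecond=0)
    return ts.replace(second=0, microsecond=0)

def resolve(expr, now):
    """Resolve 'now[+-N<unit>][/<unit>]' for a gte or lt bound."""
    m = re.fullmatch(r"now(?:([+-])(\d+)([mhd]))?(?:/([mhd]))?", expr)
    if m is None:
        raise ValueError(f"unsupported date math: {expr!r}")
    sign, amount, unit, round_unit = m.groups()
    ts = now
    if sign:
        delta = timedelta(**{UNITS[unit]: int(amount)})
        ts = ts + delta if sign == "+" else ts - delta
    # The offset is applied first, then the result is rounded down.
    return floor_to(ts, round_unit) if round_unit else ts

def window(clause, now):
    """Return (lower, upper, span); a zero span means nothing can match."""
    lower = resolve(clause["gte"], now)
    upper = resolve(clause["lt"], now)
    return lower, upper, max(upper - lower, timedelta(0))

if __name__ == "__main__":
    for label, clause in (("watch", WATCH_RANGE), ("last 24h", LAST_24H)):
        for now in (AFTERNOON, AFTER_MIDNIGHT):
            lower, upper, span = window(clause, now)
            print(f"{label:9} now={now:%H:%M}  [{lower:%d %H:%M}, {upper:%d %H:%M})  span={span}")
```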