My Watcher alert query is not returning only the exact match of the URL; it returns all similar matches for the http.url keyword. I am using 6.8.3. I want an exact match when searching on http.url. Please suggest.
{
"trigger": {
"schedule": {
"interval": "2m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"heartbeat--dxdttest-2020.08.12"
],
"types": ,
"body": {
"query": {
"bool": {
"must": [
{
"term": {
"http.url": "http://nexusuat/nexus/"
}
},
{
"term": {
"monitor.status": "down"
}
},
{
"range": {
"@timestamp": {
"gte": "now-5m"
}
}
}
]
}
},
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
]
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
"actions": {
"email_administrator": {
"email": {
"profile": "standard",
"from": "noreply-ESaaS@xyz.com",
"to": [
"ajay.suryan@xyz.com"
],
"subject": "Alert: Heartbeat monitoring is reporting that down status",
"body": {
"html": "
Hello Team,
Notice NexusV3 is down in Prod environment"
}
}
}
},
"metadata": {
"app": "dxdt",
"description": "Alert if status is down",
"env": "DX DT/Nexus Prod"
},
"throttle_period_in_millis": 900000
}