My Webhook action for a watcher I have stays in Firing state and does not trigger, however when I manually execute the watcher it fires successfully.
The watchers aim is to trigger every time the field "host" exists within the past 5minutes, triggering every 5minutes.
Below shows the issue:
Below is the shown "OK" status after a manual execution:
Below is the result from executing the watch manually:
Below is the watcher config:
{
"trigger": {
"schedule": {
"interval": "5m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"index*"
],
"types": [],
"body": {
"size": 0,
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"gte": "now-{{ctx.metadata.window_period}}"
}
}
},
{
"exists": {
"field": "host"
}
}
]
}
},
"aggs": {
"host": {
"terms": {
"field": "host"
}
}
}
}
}
}
},
"condition": {
"script": {
"source": """
def offenders = [];
for (def host: ctx.payload.aggregations.host.buckets) {
if (host.doc_count >= 0 ) {
offenders.add([
'host': host.key,
'execution_time' : ctx.trigger.triggered_time
]);
}
}
ctx.payload.offenders = offenders;
return offenders.size() > 0;
""",
"lang": "painless"
}
},
"actions": {
"web_hook": {
"webhook": {
"scheme": "https",
"host": "test.com",
"port": 443,
"method": "post",
"path": "/private,
"params": {},
"headers": {
"x-api-key": "xxxxx",
"Content-Type": "application/json"
},
"body": "{{#toJson}}ctx.payload.offenders{{/toJson}}"
}
},
"my-logging-action": {
"logging": {
"level": "info",
"text": "There are {{ctx.payload.hits.total}} documents - {{ctx.payload.hits.hit}}"
}
}
},
"metadata": {
"window_period": "5m"
},
"throttle_period_in_millis": 120000
}