Is it possible to receive notifications from ES watcher based on the number of events?
Hello. I'm starting to work with Watcher for ES and I have a problem. So far I have set it up so that I receive an email when a message appears in the indices, and I want to make it so that an email is sent to me if 20 messages (errors from nginx) arrive there. I can't figure out how to do this. My index uses a timestamp. I found a similar skeleton, but I can't work out how to do it right.
PUT _watcher/watch/balancer_mail
{
  "trigger": {
    "schedule": {
      "interval": "5m"
    }
  },
  "input": {
    "search": {
      "request": {
        "indices": [ "balancer-*" ],
        "body": {
          "query": {
            "filtered": {
              "query": {
                "match_phrase": {"message": "my_event_to_match"}
              },
              "filter": {
                "bool": {
                  "must": [
                    {
                      "range": {
                        "@timestamp": {
                          "gte": "now-25m"
                        }
                      }
                    }
                  ]
                }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": 0
      }
    }
  },
  "actions" : {
    "send_email" : {
      "email" : {
        "to" : "[email protected] ",
        "subject" : "my_event_to_match Warning from Watcher",
        "body" : "my_event_to_match MESSAGE: Please see attached",
        "attach_data" : true
      }
    }
  }
}