IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Adding conditions to Watcher actions
editAdding conditions to Watcher actions
editWhen a watch is triggered, its condition determines whether or not to execute the
watch actions. Within each action, you can also add a condition per action. These
additional conditions enable a single alert to execute different actions depending
on a their respective conditions. The following watch would always send an email, when
hits are found from the input search, but only trigger the notify_pager action when
there are more than 5 hits in the search result.
resp = client.watcher.put_watch(
id="log_event_watch",
trigger={
"schedule": {
"interval": "5m"
}
},
input={
"search": {
"request": {
"indices": "log-events",
"body": {
"size": 0,
"query": {
"match": {
"status": "error"
}
}
}
}
}
},
condition={
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
actions={
"email_administrator": {
"email": {
"to": "sys.admino@host.domain",
"subject": "Encountered {{ctx.payload.hits.total}} errors",
"body": "Too many error in the system, see attached data",
"attachments": {
"attached_data": {
"data": {
"format": "json"
}
}
},
"priority": "high"
}
},
"notify_pager": {
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 5
}
}
},
"webhook": {
"method": "POST",
"host": "pager.service.domain",
"port": 1234,
"path": "/{{watch_id}}",
"body": "Encountered {{ctx.payload.hits.total}} errors"
}
}
},
)
print(resp)
const response = await client.watcher.putWatch({
id: "log_event_watch",
trigger: {
schedule: {
interval: "5m",
},
},
input: {
search: {
request: {
indices: "log-events",
body: {
size: 0,
query: {
match: {
status: "error",
},
},
},
},
},
},
condition: {
compare: {
"ctx.payload.hits.total": {
gt: 0,
},
},
},
actions: {
email_administrator: {
email: {
to: "sys.admino@host.domain",
subject: "Encountered {{ctx.payload.hits.total}} errors",
body: "Too many error in the system, see attached data",
attachments: {
attached_data: {
data: {
format: "json",
},
},
},
priority: "high",
},
},
notify_pager: {
condition: {
compare: {
"ctx.payload.hits.total": {
gt: 5,
},
},
},
webhook: {
method: "POST",
host: "pager.service.domain",
port: 1234,
path: "/{{watch_id}}",
body: "Encountered {{ctx.payload.hits.total}} errors",
},
},
},
});
console.log(response);
PUT _watcher/watch/log_event_watch
{
"trigger" : {
"schedule" : { "interval" : "5m" }
},
"input" : {
"search" : {
"request" : {
"indices" : "log-events",
"body" : {
"size" : 0,
"query" : { "match" : { "status" : "error" } }
}
}
}
},
"condition" : {
"compare" : { "ctx.payload.hits.total" : { "gt" : 0 } }
},
"actions" : {
"email_administrator" : {
"email" : {
"to" : "sys.admino@host.domain",
"subject" : "Encountered {{ctx.payload.hits.total}} errors",
"body" : "Too many error in the system, see attached data",
"attachments" : {
"attached_data" : {
"data" : {
"format" : "json"
}
}
},
"priority" : "high"
}
},
"notify_pager" : {
"condition": {
"compare" : { "ctx.payload.hits.total" : { "gt" : 5 } }
},
"webhook" : {
"method" : "POST",
"host" : "pager.service.domain",
"port" : 1234,
"path" : "/{{watch_id}}",
"body" : "Encountered {{ctx.payload.hits.total}} errors"
}
}
}
}