Adding conditions to Watcher actions
editAdding conditions to Watcher actions
editWhen a watch is triggered, its condition determines whether or not to execute the
watch actions. Within each action, you can also add a condition per action. These
additional conditions enable a single alert to execute different actions depending
on a their respective conditions. The following watch would always send an email, when
hits are found from the input search, but only trigger the notify_pager
action when
there are more than 5 hits in the search result.
resp = client.watcher.put_watch( id="log_event_watch", trigger={ "schedule": { "interval": "5m" } }, input={ "search": { "request": { "indices": "log-events", "body": { "size": 0, "query": { "match": { "status": "error" } } } } } }, condition={ "compare": { "ctx.payload.hits.total": { "gt": 0 } } }, actions={ "email_administrator": { "email": { "to": "sys.admino@host.domain", "subject": "Encountered {{ctx.payload.hits.total}} errors", "body": "Too many error in the system, see attached data", "attachments": { "attached_data": { "data": { "format": "json" } } }, "priority": "high" } }, "notify_pager": { "condition": { "compare": { "ctx.payload.hits.total": { "gt": 5 } } }, "webhook": { "method": "POST", "host": "pager.service.domain", "port": 1234, "path": "/{{watch_id}}", "body": "Encountered {{ctx.payload.hits.total}} errors" } } }, ) print(resp)
const response = await client.watcher.putWatch({ id: "log_event_watch", trigger: { schedule: { interval: "5m", }, }, input: { search: { request: { indices: "log-events", body: { size: 0, query: { match: { status: "error", }, }, }, }, }, }, condition: { compare: { "ctx.payload.hits.total": { gt: 0, }, }, }, actions: { email_administrator: { email: { to: "sys.admino@host.domain", subject: "Encountered {{ctx.payload.hits.total}} errors", body: "Too many error in the system, see attached data", attachments: { attached_data: { data: { format: "json", }, }, }, priority: "high", }, }, notify_pager: { condition: { compare: { "ctx.payload.hits.total": { gt: 5, }, }, }, webhook: { method: "POST", host: "pager.service.domain", port: 1234, path: "/{{watch_id}}", body: "Encountered {{ctx.payload.hits.total}} errors", }, }, }, }); console.log(response);
PUT _watcher/watch/log_event_watch { "trigger" : { "schedule" : { "interval" : "5m" } }, "input" : { "search" : { "request" : { "indices" : "log-events", "body" : { "size" : 0, "query" : { "match" : { "status" : "error" } } } } } }, "condition" : { "compare" : { "ctx.payload.hits.total" : { "gt" : 0 } } }, "actions" : { "email_administrator" : { "email" : { "to" : "sys.admino@host.domain", "subject" : "Encountered {{ctx.payload.hits.total}} errors", "body" : "Too many error in the system, see attached data", "attachments" : { "attached_data" : { "data" : { "format" : "json" } } }, "priority" : "high" } }, "notify_pager" : { "condition": { "compare" : { "ctx.payload.hits.total" : { "gt" : 5 } } }, "webhook" : { "method" : "POST", "host" : "pager.service.domain", "port" : 1234, "path" : "/{{watch_id}}", "body" : "Encountered {{ctx.payload.hits.total}} errors" } } } }