Watcher HTTP input
editWatcher HTTP input
editUse the http input to submit a request to an HTTP endpoint and load the
response into the watch execution context when the watch is triggered. See
HTTP input attributes for all of the supported attributes.
With the http input, you can:
-
Query external Elasticsearch clusters. The
httpinput provides a way to submit search requests to clusters other than the one Watcher is running on. This is useful when you’re running a dedicated Watcher cluster or if you need to search clusters that are running different Elasticsearch versions. - Query Elasticsearch APIs other than the search API. For example, you might want to load data from the nodes stats, cluster health or cluster state APIs.
-
Query external web services. The
httpinput enables you to load data from any service that exposes an HTTP endpoint. This provides a bridge between Elasticsearch clusters and other systems.
Querying external Elasticsearch clusters
editTo query an external Elasticsearch cluster, you specify the cluster’s
host and port attributes and the index’s search endpoint as the path.
If you omit the search body, the request returns all documents in the specified
index:
"input" : {
"http" : {
"request" : {
"host" : "example.com",
"port" : 9200,
"path" : "/idx/_search"
}
}
}
You can use the full Elasticsearch Query DSL to perform
more sophisticated searches. For example, the following http input retrieves
all documents that contain event in the category field:
"input" : {
"http" : {
"request" : {
"host" : "host.domain",
"port" : 9200,
"path" : "/idx/_search",
"body" : "{\"query\" : { \"match\" : { \"category\" : \"event\"}}}"
}
}
}
Calling Elasticsearch APIs
editTo load the data from other Elasticsearch APIs, specify the API
endpoint as the path attribute. Use the params attribute to specify
query string parameters. For example, the following http input
calls the cluster stats API and enables the human attribute:
Calling external web services
editYou can use http input to get data from any external web service. The http
input supports basic authentication. For example, the following input provides
a username and password to access myservice:
"input" : {
"http" : {
"request" : {
"host" : "host.domain",
"port" : 9200,
"path" : "/myservice",
"auth" : {
"basic" : {
"username" : "user",
"password" : "pass"
}
}
}
}
}
You can also pass in service-specific API keys and other information
through the params attribute. For example, the following http
input loads the current weather forecast for Amsterdam from the
OpenWeatherMap service:
"input" : {
"http" : {
"request" : {
"url" : "http://api.openweathermap.org/data/2.5/weather",
"params" : {
"lat" : "52.374031",
"lon" : "4.88969",
"appid" : "<your openweathermap appid>"
}
}
}
}
Using token-based authentication
editYou can also call an API using a Bearer token instead of basic authentication. The request.headers object contains the HTTP headers:
"input" : {
"http" : {
"request" : {
"url": "https://api.example.com/v1/something",
"headers": {
"authorization" : "Bearer ABCD1234...",
"content-type": "application/json"
# other headers params..
},
"connection_timeout": "30s"
}
}
}
Using templates
editThe http input supports templating. You can use templates when
specifying the path, body, header values, and parameter values.
For example, the following snippet uses templates to specify what index to query and restrict the results to documents added within the last five minutes:
"input" : {
"http" : {
"request" : {
"host" : "host.domain",
"port" : 9200,
"path" : "/{{ctx.watch_id}}/_search",
"body" : "{\"query\" : {\"range\": {\"@timestamp\" : {\"from\": \"{{ctx.trigger.triggered_time}}||-5m\",\"to\": \"{{ctx.trigger.triggered_time}}\"}}}}"
}
}
}
Accessing the HTTP response
editIf the response body is formatted in JSON or YAML, it is parsed and loaded into
the execution context. If the response body is not formatted in JSON or YAML, it
is loaded into the payload’s _value field.
Conditions, transforms, and actions access the response data through the
execution context. For example, if the response contains a message
object, you can use ctx.payload.message to access the message data.
In addition all the headers from the response can be accessed using the
ctx.payload._headers field as well as the HTTP status code of the response using
ctx.payload._status_code.
HTTP input attributes
edit| Name | Required | Default | Description |
|---|---|---|---|
|
no |
http |
Url scheme. Valid values are: |
|
yes |
- |
The host to connect to. |
|
yes |
- |
The port the http service is listening on. |
|
no |
- |
The URL path. The path can be static text or contain |
|
no |
get |
The HTTP method. Supported values are: |
|
no |
- |
The HTTP request headers. The header values can be static text
or include |
|
no |
- |
The URL query string parameters. The parameter values can be
static text or contain |
|
no |
- |
Allows you to set |
|
no |
- |
HTTP basic authentication username |
|
no |
- |
HTTP basic authentication password |
|
no |
- |
The proxy host to use when connecting to the host. |
|
no |
- |
The proxy port to use when connecting to the host. |
|
no |
10s |
The timeout for setting up the http connection. If the connection could not be set up within this time, the input will timeout and fail. |
|
no |
10s |
The timeout for reading data from http connection. If no response was received within this time, the input will timeout and fail. |
|
no |
- |
The HTTP request body. The body can be static text or include
|
|
no |
- |
A array of JSON keys to extract from the input response and use as payload. In cases when an input generates a large response this can be used to filter the relevant piece of the response to be used as payload. |
|
no |
json |
The expected content type the response body will contain.
Supported values are |
You can reference the following variables in the execution context when
specifying the path, params, headers and body values:
| Name | Description |
|---|---|
|
The id of the watch that is currently executing. |
|
The time execution of this watch started. |
|
The time this watch was triggered. |
|
The time this watch was supposed to be triggered. |
|
Any metadata associated with the watch. |