Index Action

edit

Use the index action to index data into Elasticsearch. See Index Action Attributes for the supported attributes.

Configuring Index Actions

edit

The following snippet shows a simple index action definition:

"actions" : {
  "index_payload" : { 
    "condition": { ... }, 
    "transform": { ... }, 
    "index" : {
      "index" : "my-index", 
      "doc_type" : "my-type" 
    }
  }
}

The id of the action

An optional condition to restrict action execution

An optional transform to transform the payload and prepare the data that should be indexed

The elasticsearch index to store the data to

The document type to store the data as

Index Action Attributes

edit
Name Required Default Description

index

yes

-

The Elasticsearch index to index into.

doc_type

yes

-

The type of the document the data will be indexed as.

execution_time_field

no

-

The field that will store/index the watch execution time.

timeout

no

60s

The timeout for waiting for the index api call to return. If no response is returned within this time, the index action times out and fails. This setting overrides the default timeouts.

Multi-Document Support

edit

Like with all other actions, you can use a transform to replace the current execution context payload with another and by that change the document that will end up indexed.

The index action plays well with transforms with its support for the special _doc payload field.

When resolving the document to be indexed, the index action first looks up for a _doc field in the payload. When not found, the payload is indexed as a single document.

When a _doc field exists, if the field holds an object, it is extracted and indexed as a single document. If the field holds an array of objects, each object is treated as a document and the index aciton indexes all of them in a bulk.

The index action runs as a system user with elevated privileges, including permission to write all indices.