75 questions
0 votes, 0 answers, 24 views
Kibana Watcher Bucket paths of aggregations error
I'm working on a Kibana Watcher in which I'm trying to aggregate the data based on server name and IIS status.
In the event a server reaches a ratio of 5% of errors, I want to send an email alert from ...
0 votes, 0 answers, 14 views
Compile error in watcher definition, how can I fix it?
When I want to create the watcher definition below, I get a compile error. Is there any idea why I get a compile error and how I can fix it?
To be more clear, I want to check if total hits > 10, if the ...
0 votes, 1 answer, 119 views
Add curl query to Elastic Cloud watcher
I want to create the following alert in Elastic Cloud:
Raise an alert if the number of unallocated shards exceeds the value 'x'.
According to the elastic-cloud documentation we can use the following query to inspect ...
0 votes, 1 answer, 322 views
Can I pass an HTTP response from one action to another in Elasticsearch Watch?
I'm trying to register a ticket in a ticketing system and save the ticket ID in an Elasticsearch document using Watcher actions. The ticket ID is passed in the response to the "register new ...
1 vote, 1 answer, 518 views
How to pass the result of one chained input into the next chained input
I am writing a watcher to first fetch the destination.ip field (using aggregation), and then I have to use the 1st input's result as the terms query value (in the 3rd input)
POST _watcher/watch/_execute
{
"...
0 votes, 1 answer, 473 views
Watcher action to message Teams channel fails due to bad payload
I created an ELK Watcher with this action in my Watch JSON to send a message to a Teams channel:
"msteams_webhook": {
"webhook": {
"scheme": "https",
&...
0 votes, 0 answers, 690 views
How to pass variable `ctx.payload.hits.total` of the 'hit' log into transform-script of webhook watcher?
I have the following webhook watcher, which is working perfectly, creating an OTRS ticket when the word "Error" appears in the logs.
{
"trigger": {
"schedule": {
"...
0 votes, 1 answer, 489 views
watcher creation: mustache tag inside a webhook payload: preventing interpretation?
I have created a watcher that creates a new watcher or deletes an existing watcher based on an index. Basically it creates a watcher for each record of the index, those watchers then performing a weekly ...
0 votes, 1 answer, 647 views
How to get total watchers count in Elasticsearch v8.x.x
I am planning to get the total count of watchers created in the Elasticsearch cluster that is running on ELK version 8.x.x.
I tried to hit the below Watcher stats API, and it is giving me the below ...
0 votes, 1 answer, 603 views
How to iterate through aggregation buckets and send mail corresponding to each bucket using watcher action
I am trying to iterate through the aggregation bucket results. The aggregation response is:
"aggregations" : {
"agg1" : {
"doc_count_error_upper_bound" : 0,
...
1 vote, 0 answers, 592 views
ElasticSearch Watcher simulate fires the action, otherwise it's stuck
I have a slack action configured. All aspects appear to be set up correctly. If I go to my watch's simulate section and choose execute (not ignoring the conditions) it executes fine and the message ...
0 votes, 1 answer, 2k views
Kibana Filter to detect exceptions in Java Application logs
I am trying to write an ELK Watcher to send an alert in case of any exception in my Java application logs.
Our application log is already getting indexed in Elasticsearch. And under the log_message field, I ...
0 votes, 1 answer, 3k views
Need help in fixing this Elastic watcher alert using a painless script
I'm attempting to build a watcher alert in Elastic (hosted cloud version) that will allow me to alert on high jvm memory pressure.
The data is already in elastic, I can retrieve it if I remove the &...
0 votes, 0 answers, 412 views
Date format in elasticsearch-watcher
I'm trying to make a watcher and I need to compare the datetime in the document with today-24h. So now I have this code:
"condition": {
"compare": {
"ctx.payload.event_time"...
1 vote, 0 answers, 299 views
Why is watcher giving errors?
I want to send Slack notifications to a channel as soon as any log with loglevel ERROR appears in my index. I have configured the watcher in the following way but it is giving me errors. The Slack message ...
0 votes, 1 answer, 224 views
How to get human readable duration from milliseconds in Elasticsearch Painless language?
This doesn't work, just giving a "compile error" message in the watcher simulator.
1 vote, 1 answer, 206 views
Elasticsearch - 'network.host' is not allowed on Elastic Cloud
I am using Elastic Cloud, version v7.12.1. I have set up a watcher for a health check of the cluster that looks like below:
PUT _watcher/watch/cluster_health_watch
{
"trigger" : {
...
2 votes, 0 answers, 398 views
How to use a wildcard in ElastAlert rules
I need help with ElastAlert.
I have a log message like this:
log.info("Server is started at "+LocalDateTime.now());
and I need to write a query in a rule for it:
I am writing it as
- query:
...
0 votes, 1 answer, 3k views
Send email through Elastic when an error comes in a log
I need to send an email automatically whenever any error comes in my Elasticsearch.
Is there any way to do it?
I don't want to use Elastic Cloud for it.
I can use Watcher in Kibana, but my question is ...
0 votes, 0 answers, 254 views
Conditional alert in Kibana watcher
Is it possible to set the alert condition like: the alert should trigger 10 mins after it reaches the threshold value?
Note: we have to wait for 10 mins after it reaches the threshold value ....
1 vote, 1 answer, 1k views
Elasticsearch watcher chain inputs with intermediate array
Question
I am chaining different Elasticsearch queries in a watcher. In short I'd like to do this:
find container_ids
run a query on all entries with any of those container_ids
the first query gives ...
1 vote, 1 answer, 355 views
Email alert based on monitors going down / coming back up
I am fairly new to this but I need some help with my watcher setup. I am using the X-Pack Watchers.
I have set up Heartbeat and I currently have 7 monitors,
i.e.
monitor-01
monitor-02
etc.
I need ...
4 votes, 2 answers, 5k views
Elasticsearch watcher and Microsoft Teams webhook
I have been trying desperately for 5 days to create an Elasticsearch watcher alert that sends a notification to an incoming Teams webhook. However, the answer I receive is "Bad payload received by ...
0 votes, 2 answers, 928 views
How to get the input log message detail when defining watcher?
I am trying to define a watcher in Kibana to monitor our logs and send a notification with the message detail to our Slack channel when an error happens.
The problem is that I can't find a way to get the ...
3 votes, 1 answer, 1k views
Throttle Elasticsearch Watcher to one alert
How do I throttle an Elasticsearch Watcher to one alert per event? If an error shows in the logs, the watcher will fire until it's acknowledged.
I only want alerts for new errors, not a time throttle.