Code samples for X-Pack enablement
# Housekeeping watch: once a day at 00:01 it sends an HTTP DELETE for one dated
# .watch_history-* index. The transform script builds the index path from the
# execution time minus (keep_history_days + 1) days, i.e. 3 days back with the
# metadata value below. Each run names a single index, so an index whose run
# was missed is not removed by a later run.
#
# NOTE(review): the webhook authenticates as "elastic" with a password equal to
# the username, written in clear text in the watch body. "elastic" is the
# built-in superuser in X-Pack security, while this action only needs to delete
# .watch_history-* indices. A dedicated user whose role grants just that
# privilege, with a real secret in place of the sample password, limits what a
# leaked watch definition exposes.
# NOTE(review): no "scheme" is set on the webhook, so the request and its Basic
# credentials presumably travel over plain HTTP - confirm before pointing
# "host" at anything other than localhost.
PUT _watcher/watch/manage_history
{
  "metadata": {
    "keep_history_days": 2
  },
  "trigger": {
    "schedule": {
      "daily": {
        "at": "00:01"
      }
    }
  },
  "input": {
    "simple": {}
  },
  "condition": {
    "always": {}
  },
  "transform": {
    "script": "return [ indexToDelete : '/.watch_history-' + ctx.execution_time.minusDays(ctx.metadata.keep_history_days + 1).toString('yyyy.MM.dd') ]"
  },
  "actions": {
    "delete_old_index": {
      "webhook": {
        "method": "DELETE",
        "host": "localhost",
        "port": 9200,
        "path": "{{ctx.payload.indexToDelete}}",
        "auth": {
          "basic": {
            "username": "elastic",
            "password": "elastic"
          }
        }
      }
    }
  }
}
# Detection watch, first version: every 60s it searches topbeat* for documents
# whose proc.name is "gedit" with @timestamp newer than now-10m, and the
# condition is met when at least one hit comes back. No "actions" section is
# defined here, so a met condition triggers nothing from this definition; the
# next request on this page PUTs the same watch id with an action attached.
#
# NOTE(review): "filter" sits at the top level of the search body next to
# "query". Whether that is accepted, and whether it still limits hits.total to
# the 10-minute window, depends on the Elasticsearch version - confirm, because
# without the time bound any old gedit document keeps the condition true.
PUT /_watcher/watch/gedit_watch
{
  "trigger": {
    "schedule": {
      "interval": "60s"
    }
  },
  "input": {
    "search": {
      "request": {
        "indices": [
          "topbeat*"
        ],
        "body": {
          "query": {
            "term": {
              "proc.name": {
                "value": "gedit"
              }
            }
          },
          "filter": {
            "range": {
              "@timestamp": {
                "gt": "now-10m"
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": 0
      }
    }
  }
}
# Detection watch, second version: same trigger, search and condition as the
# earlier gedit_watch request on this page, and the same watch id, so this PUT
# replaces that definition. It adds an index action: an action-level transform
# builds a document with alert_name (the watch id), a fixed alert_text and
# alert_time (the trigger time), which is written to alert_index with doc_type
# my_alert.
#
# NOTE(review): the watch runs every 60s over a 10-minute lookback, so one
# gedit event can match on several consecutive runs and write several alert
# documents. Consider a throttle_period on the action or a lookback closer to
# the interval if one alert per event is wanted.
# NOTE(review): "filter" sits at the top level of the search body next to
# "query"; whether it is accepted and still bounds hits.total depends on the
# Elasticsearch version - confirm.
PUT /_watcher/watch/gedit_watch
{
  "trigger": {
    "schedule": {
      "interval": "60s"
    }
  },
  "input": {
    "search": {
      "request": {
        "indices": [
          "topbeat*"
        ],
        "body": {
          "query": {
            "term": {
              "proc.name": {
                "value": "gedit"
              }
            }
          },
          "filter": {
            "range": {
              "@timestamp": {
                "gt": "now-10m"
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": 0
      }
    }
  },
  "actions": {
    "index_my_payload": {
      "transform": {
        "script": "return [alert_name: ctx.watch_id , alert_text: \"Alerted and action taken\" , alert_time: ctx.trigger.triggered_time] "
      },
      "index": {
        "index": "alert_index",
        "doc_type": "my_alert"
      }
    }
  }
}