{
  "trigger": {
    "schedule": {
      "interval": "10s"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "kibana_sample*"
        ],
        "types": [],
        "body": {
          "query": {
            "match_all": {}
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gte": 10
      }
    }
  },
  "actions": {
    "index_payload": {
      "index": {
        "index": "kibana_watcher",
        "doc_type": "_doc",
        "execution_time_field": "timestamp"
      }
    },
    "add_field_webhook": {
      "webhook": {
        "scheme": "http",
        "host": "localhost",
        "port": 9200,
        "method": "post",
        "path": "kibana_watcher/_update_by_query",
        "params": {},
        "headers": {},
        "auth": {
          "basic": {
            "username": "elastic",
            "password": "::es_redacted::"
          }
        },
        "body": "{\"script\" : {\"inline\": \"ctx._source.new_field = 'my new field' \"}}"
      }
    }
  }
}
Created March 18, 2019 13:35
Gist: renshuki/d44157de4713832707b07030bc5c0151
Elasticsearch Watcher (alert) that indexes the search payload into a new index via the index action and then adds a new field to it using a webhook action.