Docs: Improve watcher action condition docs (elastic/x-pack-elasticsearch#2909)

The action condition feature was carefully hidden in an example. This commit creates an own paragraph to highlight this feature better. Original commit: elastic/x-pack-elasticsearch@006318787b
2017-11-09 16:13:56 +01:00 · 2017-11-09 16:13:56 +01:00 · 4d265868b8
parent 2693c6a730
commit 4d265868b8
3 changed files with 84 additions and 14 deletions
--- a/docs/build.gradle
+++ b/docs/build.gradle
@ -92,7 +92,6 @@ buildRestTests.expectedUnconvertedCandidates = [
        'en/rest-api/security/authenticate.asciidoc',
        'en/rest-api/watcher/stats.asciidoc',
        'en/security/authorization.asciidoc',
-        'en/watcher/actions.asciidoc',
        'en/watcher/example-watches/watching-time-series-data.asciidoc',
 ]

--- a/docs/en/watcher/actions.asciidoc
+++ b/docs/en/watcher/actions.asciidoc
@ -1,7 +1,7 @@
 [[actions]]
 == Actions

-When a watch's condition is met, it's actions are executed unless it is being
+When a watch's condition is met, its actions are executed unless it is being
 <<actions-ack-throttle, throttled>>. A watch can perform multiple actions.
 The actions are executed one at a time and each action executes independently.
 Any failures encountered while executing an action are recorded in the
@ -104,13 +104,21 @@ defined in the watch:
 PUT _xpack/watcher/watch/log_event_watch
 {
  "trigger" : {
-    ...
+    "schedule" : { "interval" : "5m" }
  },
  "input" : {
-    ...
+    "search" : {
+      "request" : {
+        "indices" : "log-events",
+        "body" : {
+          "size" : 0,
+          "query" : { "match" : { "status" : "error" } }
+        }
+      }
+    }
  },
  "condition" : {
-    ...
+    "compare" : { "ctx.payload.hits.total" : { "gt" : 5 }}
  },
  "throttle_period" : "15m", <1>
  "actions" : {
@ -130,9 +138,6 @@ PUT _xpack/watcher/watch/log_event_watch
      }
    },
    "notify_pager" : {
-      "condition": { <2>
-        "compare" : { "ctx.payload.hits.total" : { "gt" : 5 }}
-      }
      "webhook" : {
        "method" : "POST",
        "host" : "pager.service.domain",
@ -144,11 +149,10 @@ PUT _xpack/watcher/watch/log_event_watch
  }
 }
 --------------------------------------------------
+// CONSOLE

 <1> There will be at least 15 minutes between subsequent action executions
 		(applies to both `email_administrator` and `notify_pager` actions)
-<2> A `condition` that only applies to the `notify_pager` action, which
-    restricts its execution to when the condition succeeds (at least 6 hits in this case).

 If you do not define a throttle period at the action or watch level, the global
 default throttle period is applied. Initially, this is set to 5 seconds. To
@ -187,6 +191,74 @@ of a watch during its execution:

 image::images/action-throttling.jpg[align="center"]

+
+[[action-conditions]]
+=== Adding conditions to actions
+
+When a watch is triggered, its condition determines whether or not to execute the
+watch actions. Within each action, you can also add a condition per action. These
+additional conditions enable a single alert to execute different actions depending
+on a their respective conditions. The following watch would alway send an email, when
+hits are found from the input search, but only trigger the `notify_pager` action when
+there are more than 5 hits in the search result.
+
+[source,js]
+--------------------------------------------------
+PUT _xpack/watcher/watch/log_event_watch
+{
+  "trigger" : {
+    "schedule" : { "interval" : "5m" }
+  },
+  "input" : {
+    "search" : {
+      "request" : {
+        "indices" : "log-events",
+        "body" : {
+          "size" : 0,
+          "query" : { "match" : { "status" : "error" } }
+        }
+      }
+    }
+  },
+  "condition" : {
+    "compare" : { "ctx.payload.hits.total" : { "gt" : 0 } }
+  },
+  "actions" : {
+    "email_administrator" : {
+      "email" : {
+        "to" : "sys.admino@host.domain",
+        "subject" : "Encountered {{ctx.payload.hits.total}} errors",
+        "body" : "Too many error in the system, see attached data",
+        "attachments" : {
+          "attached_data" : {
+            "data" : {
+              "format" : "json"
+            }
+          }
+        },
+        "priority" : "high"
+      }
+    },
+    "notify_pager" : {
+      "condition": { <1>
+        "compare" : { "ctx.payload.hits.total" : { "gt" : 5 } }
+      },
+      "webhook" : {
+        "method" : "POST",
+        "host" : "pager.service.domain",
+        "port" : 1234,
+        "path" : "/{{watch_id}}",
+        "body" : "Encountered {{ctx.payload.hits.total}} errors"
+      }
+    }
+  }
+}
+--------------------------------------------------
+// CONSOLE
+
+<1> A `condition` that only applies to the `notify_pager` action, which
+    restricts its execution to when the condition succeeds (at least 5 hits in this case).
+
 include::actions/email.asciidoc[]

 include::actions/webhook.asciidoc[]
--- a/docs/en/watcher/condition.asciidoc
+++ b/docs/en/watcher/condition.asciidoc
@ -25,6 +25,9 @@ including the watch payload (`ctx.payload.*`). The <<condition-script, script>>,
 conditions can use the payload data to determine whether or not the necessary
 conditions are met.

+In addition to the watch wide condition, you can also configure conditions
+per <<action-conditions, action>>.
+
 include::condition/always.asciidoc[]

 include::condition/never.asciidoc[]
@ -34,7 +37,3 @@ include::condition/compare.asciidoc[]
 include::condition/array-compare.asciidoc[]

 include::condition/script.asciidoc[]
-
-
-
-