[DOCS] Updates Watcher examples for code testing (#31152)
This commit is contained in:
parent
44e1c8e9a9
commit
54d1b9eb6f
|
@ -14,38 +14,6 @@ buildRestTests.expectedUnconvertedCandidates = [
|
|||
'en/security/authorization/run-as-privilege.asciidoc',
|
||||
'en/security/ccs-clients-integrations/http.asciidoc',
|
||||
'en/security/authorization/custom-roles-provider.asciidoc',
|
||||
'en/watcher/actions/email.asciidoc',
|
||||
'en/watcher/actions/hipchat.asciidoc',
|
||||
'en/watcher/actions/index.asciidoc',
|
||||
'en/watcher/actions/logging.asciidoc',
|
||||
'en/watcher/actions/pagerduty.asciidoc',
|
||||
'en/watcher/actions/slack.asciidoc',
|
||||
'en/watcher/actions/jira.asciidoc',
|
||||
'en/watcher/actions/webhook.asciidoc',
|
||||
'en/watcher/condition/always.asciidoc',
|
||||
'en/watcher/condition/array-compare.asciidoc',
|
||||
'en/watcher/condition/compare.asciidoc',
|
||||
'en/watcher/condition/never.asciidoc',
|
||||
'en/watcher/condition/script.asciidoc',
|
||||
'en/watcher/customizing-watches.asciidoc',
|
||||
'en/watcher/example-watches/example-watch-meetupdata.asciidoc',
|
||||
'en/watcher/how-watcher-works.asciidoc',
|
||||
'en/watcher/input/chain.asciidoc',
|
||||
'en/watcher/input/http.asciidoc',
|
||||
'en/watcher/input/search.asciidoc',
|
||||
'en/watcher/input/simple.asciidoc',
|
||||
'en/watcher/transform.asciidoc',
|
||||
'en/watcher/transform/chain.asciidoc',
|
||||
'en/watcher/transform/script.asciidoc',
|
||||
'en/watcher/transform/search.asciidoc',
|
||||
'en/watcher/trigger/schedule/cron.asciidoc',
|
||||
'en/watcher/trigger/schedule/daily.asciidoc',
|
||||
'en/watcher/trigger/schedule/hourly.asciidoc',
|
||||
'en/watcher/trigger/schedule/interval.asciidoc',
|
||||
'en/watcher/trigger/schedule/monthly.asciidoc',
|
||||
'en/watcher/trigger/schedule/weekly.asciidoc',
|
||||
'en/watcher/trigger/schedule/yearly.asciidoc',
|
||||
'en/watcher/troubleshooting.asciidoc',
|
||||
'en/rest-api/ml/delete-snapshot.asciidoc',
|
||||
'en/rest-api/ml/get-bucket.asciidoc',
|
||||
'en/rest-api/ml/get-job-stats.asciidoc',
|
||||
|
|
|
@ -35,6 +35,7 @@ the watch payload in the email body:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The id of the action.
|
||||
<2> The action type is set to `email`.
|
||||
<3> One or more addresses to send the email to. Must be specified in the
|
||||
|
@ -92,6 +93,7 @@ killed by firewalls or load balancers inbetween.
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The ID of the attachment, which is used as the file name in the email
|
||||
attachment.
|
||||
<2> The type of the attachment and its specific configuration.
|
||||
|
@ -158,9 +160,8 @@ include::{kib-repo-dir}/reporting/watch-example.asciidoc[]
|
|||
|
||||
include::{kib-repo-dir}/reporting/report-intervals.asciidoc[]
|
||||
|
||||
//TODO: RE-ADD LINK:
|
||||
//For more information, see
|
||||
//{kibana-ref}/automating-report-generation.html[Automating Report Generation].
|
||||
For more information, see
|
||||
{kibana-ref}/automating-report-generation.html[Automating Report Generation].
|
||||
|
||||
[[email-action-attributes]]
|
||||
==== Email Action Attributes
|
||||
|
|
|
@ -37,6 +37,7 @@ attribute is the message itself:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The name of a HipChat account configured in `elasticsearch.yml`.
|
||||
<2> The message you want to send to HipChat.
|
||||
|
||||
|
@ -66,6 +67,7 @@ For example, the following action is configured to send messages to the
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
To send messages with a HipChat account that uses the <<hipchat-api-v1, v1>>
|
||||
profile, you need to specify what room or rooms you want to send the message to.
|
||||
|
@ -92,7 +94,7 @@ For example, the following action is configured to send messages to the
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
|
||||
// NOTCONSOLE
|
||||
|
||||
[[hipchat-action-attributes]]
|
||||
==== HipChat Action Attributes
|
||||
|
|
|
@ -22,6 +22,7 @@ The following snippet shows a simple `index` action definition:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The id of the action
|
||||
<2> An optional <<condition, condition>> to restrict action execution
|
||||
<3> An optional <<transform, transform>> to transform the payload and prepare the data that should be indexed
|
||||
|
|
|
@ -40,6 +40,7 @@ The following snippet shows a simple jira action definition:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The name of a Jira account configured in `elasticsearch.yml`.
|
||||
<2> The key of the Jira project in which the issue will be created.
|
||||
<3> The name of the issue type.
|
||||
|
|
|
@ -25,6 +25,7 @@ The following snippet shows a simple logging action definition:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The id of the action.
|
||||
<2> An optional <<transform, transform>> to transform the payload before
|
||||
executing the `logging` action.
|
||||
|
|
|
@ -25,6 +25,7 @@ The following snippet shows a simple PagerDuty action definition:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> Description of the message
|
||||
|
||||
|
||||
|
@ -59,6 +60,7 @@ payload as well as an array of contexts to the action.
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
|
||||
[[pagerduty-action-attributes]]
|
||||
|
|
|
@ -29,6 +29,7 @@ The following snippet shows a simple slack action definition:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The channels and users you want to send the message to.
|
||||
<2> The content of the message.
|
||||
|
||||
|
@ -66,6 +67,7 @@ The following snippet shows a standard message attachment:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
[[slack-dynamic-attachment]]
|
||||
|
||||
|
@ -131,6 +133,7 @@ aggregation and the Slack action:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The list generated by the action's transform.
|
||||
<2> The parameter placeholders refer to attributes in each item of the list
|
||||
generated by the transform.
|
||||
|
|
|
@ -30,6 +30,7 @@ The following snippet shows a simple webhook action definition:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The id of the action
|
||||
<2> An optional <<transform, transform>> to transform the payload before
|
||||
executing the `webhook` action
|
||||
|
@ -65,6 +66,7 @@ For example, the following `webhook` action creates a new issue in GitHub:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The username and password for the user creating the issue
|
||||
|
||||
NOTE: By default, both the username and the password are stored in the `.watches`
|
||||
|
@ -101,6 +103,7 @@ the values serve as the parameter values:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The parameter values can contain templated strings.
|
||||
|
||||
|
||||
|
@ -128,6 +131,7 @@ the values serve as the header values:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The header values can contain templated strings.
|
||||
|
||||
|
||||
|
|
|
@ -22,3 +22,4 @@ object:
|
|||
"always" : {}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
|
@ -34,6 +34,7 @@ than or equal to 25:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The path to the array in the execution
|
||||
context that you want to evaluate, specified in dot notation.
|
||||
<2> The path to the field in each array element that you want to evaluate.
|
||||
|
|
|
@ -49,6 +49,7 @@ search result>> is greater than or equal to 5:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> Use dot notation to reference a value in the execution context.
|
||||
<2> Specify a comparison operator and the value you want to compare against.
|
||||
|
||||
|
@ -68,6 +69,7 @@ of the form `<{expression}>`. For example, the following expression returns
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
You can also compare two values in the execution context by specifying the
|
||||
compared value as a path of the form of `{{path}}`. For example, the following
|
||||
|
@ -85,6 +87,7 @@ to the `ctx.payload.aggregations.handled.buckets.true.doc_count`:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
==== Accessing Values in the Execution Context
|
||||
|
||||
|
|
|
@ -17,3 +17,4 @@ you specify the condition type and associate it with an empty object:
|
|||
"never" : {}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
|
@ -19,6 +19,7 @@ The following snippet configures an inline `script` condition that always return
|
|||
"script" : "return true"
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
This example defines a script as a simple string. This format is actually a
|
||||
shortcut for defining an <<condition-script-inline, inline>> script. The
|
||||
|
@ -43,6 +44,7 @@ parameter, `result`:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
[[condition-script-inline]]
|
||||
==== Inline Scripts
|
||||
|
@ -59,6 +61,7 @@ always returns `true`.
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
[[condition-script-stored]]
|
||||
==== Stored Scripts
|
||||
|
@ -74,6 +77,7 @@ in Elasticsearch. The following snippet shows how to refer to a script by its `i
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
As with <<condition-script-inline, Inline>>
|
||||
scripts, you can also specify the script language and parameters:
|
||||
|
@ -88,6 +92,7 @@ scripts, you can also specify the script language and parameters:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
[[accessing-watch-payload]]
|
||||
==== Accessing the Watch Payload
|
||||
|
@ -121,6 +126,7 @@ threshold:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
When you're using a scripted condition to evaluate an Elasticsearch response,
|
||||
keep in mind that the fields in the response are no longer in their native data
|
||||
|
@ -132,6 +138,7 @@ you need to parse the `@timestamp` string into a `DateTime`. For example:
|
|||
--------------------------------------------------
|
||||
org.elasticsearch.common.joda.time.DateTime.parse(@timestamp)
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
You can reference the following variables in the watch context:
|
||||
|
||||
|
|
|
@ -36,6 +36,7 @@ fields in the payload:
|
|||
}
|
||||
}
|
||||
-------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
See <<input-simple>> for more details.
|
||||
|
||||
|
@ -74,6 +75,7 @@ For example, the following `search` input loads the latest VIX quote:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> Will resolve to today's daily quotes index
|
||||
|
||||
See <<input-search>> for more details.
|
||||
|
@ -105,7 +107,7 @@ Amsterdam using http://openweathermap.org/appid[OpenWeatherMap] online service:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
|
||||
// NOTCONSOLE
|
||||
See <<input-http>> for more details.
|
||||
|
||||
[[chaining-inputs]]
|
||||
|
@ -146,7 +148,7 @@ returned any hits:
|
|||
"compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
|
||||
},
|
||||
--------------------------------------------------
|
||||
|
||||
// NOTCONSOLE
|
||||
See <<condition-compare>> for more details.
|
||||
|
||||
==== Powerful Comparison Logic with the Script Condition
|
||||
|
@ -176,7 +178,7 @@ VIX quote loaded by the `http` input is either greater than 5% or lower than -5%
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
|
||||
// NOTCONSOLE
|
||||
See <<condition-script>> for more details.
|
||||
|
||||
[[using-transforms]]
|
||||
|
@ -231,6 +233,7 @@ attaches the payload data to the message:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The id of the action
|
||||
<2> The action type, in this case it's an `email` action
|
||||
|
||||
|
@ -261,6 +264,7 @@ creates a new issue in GitHub
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> `<owner>` is the owner of the GitHub repo and `<repo>` is the name of the repo.
|
||||
<2> The username that creates the issue
|
||||
<3> The password of that user
|
||||
|
|
|
@ -13,6 +13,7 @@ To ingest this data with Logstash:
|
|||
|
||||
. Create a Logstash configuration file that uses the {logstash-ref}/plugins-inputs-stdin.html[Logstash standard input] and the {logstash-ref}/plugins-outputs-stdout.html[Logstash standard output] and save it in `logstash-{version}` directory as `livestream.conf`:
|
||||
+
|
||||
--
|
||||
[source,ruby]
|
||||
----------------------------------------------------------
|
||||
input {
|
||||
|
@ -38,16 +39,20 @@ output { <2>
|
|||
}
|
||||
|
||||
----------------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The meetup data stream is formatted in JSON.
|
||||
<2> Index the meetup data into Elasticsearch.
|
||||
--
|
||||
|
||||
. To start indexing the meetup data, pipe the RSVP stream into Logstash and specify your `livestream.conf` configuration file.
|
||||
+
|
||||
[source,she]
|
||||
--
|
||||
[source,shell]
|
||||
----------------------------------------------------------
|
||||
|
||||
curl http://stream.meetup.com/2/rsvps | bin/logstash -f livestream.conf
|
||||
---------------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
--
|
||||
|
||||
Now that you're indexing the meetup RSVPs, you can set up a watch that lets you know about events you might be interested in. For example, let's create a watch that runs every hour, looks for events that talk about about _Open Source_, and sends an email with information about the events.
|
||||
|
||||
|
@ -56,6 +61,7 @@ To set up the watch:
|
|||
|
||||
. Specify how often you want to run the watch by adding a schedule trigger to the watch:
|
||||
+
|
||||
--
|
||||
[source,js]
|
||||
--------------------------------------------------
|
||||
{
|
||||
|
@ -65,8 +71,11 @@ To set up the watch:
|
|||
}
|
||||
},
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
--
|
||||
. Load data into the watch payload by creating an input that searches the meetup data for events that have _Open Source_ as a topic. You can use aggregations to group the data by city, consolidate references to the same events, and sort the events by date.
|
||||
+
|
||||
--
|
||||
[source,js]
|
||||
-------------------------------------------------
|
||||
"input": {
|
||||
|
@ -135,19 +144,28 @@ To set up the watch:
|
|||
}
|
||||
},
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> Elasticsearch Date math is used to select the Logstash indices that contain the meetup data. The second pattern is needed in case the previous hour crosses days.
|
||||
<2> Find all of the RSVPs with `Open Source` as a topic.
|
||||
<3> Group the RSVPs by city.
|
||||
<4> Consolidate multiple RSVPs for the same event.
|
||||
<5> Sort the events so the latest events are listed first.
|
||||
<6> Group the events by name.
|
||||
--
|
||||
|
||||
. To determine whether or not there are any Open Source events, add a compare condition that checks the watch payload to see if there were any search hits.
|
||||
+
|
||||
--
|
||||
[source,js]
|
||||
--------------------------------------------------
|
||||
"compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
--
|
||||
|
||||
. To send an email when _Open Source_ events are found, add an email action:
|
||||
+
|
||||
--
|
||||
[source,js]
|
||||
--------------------------------------------------
|
||||
"actions": {
|
||||
|
@ -167,6 +185,8 @@ To set up the watch:
|
|||
}
|
||||
}
|
||||
---------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
--
|
||||
|
||||
NOTE: To enable Watcher to send emails, you must configure an email account in `elasticsearch.yml`. For more information, see <<configuring-email, Working with Various Email Services>>.
|
||||
|
||||
|
|
|
@ -283,6 +283,7 @@ The following snippet shows the basic structure of the _Watch Execution Context_
|
|||
"vars" : { ... } <6>
|
||||
}
|
||||
----------------------------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> Any static metadata specified in the watch definition.
|
||||
<2> The current watch payload.
|
||||
<3> The id of the executing watch.
|
||||
|
@ -348,6 +349,7 @@ in sent emails:
|
|||
}
|
||||
}
|
||||
----------------------------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
[float]
|
||||
[[inline-templates-scripts]]
|
||||
|
@ -369,6 +371,7 @@ the context metadata.
|
|||
}
|
||||
}
|
||||
----------------------------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
For a script, you simply specify the inline script as the value of the `script`
|
||||
field. For example:
|
||||
|
@ -379,6 +382,7 @@ field. For example:
|
|||
"script" : "return true"
|
||||
}
|
||||
----------------------------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
You can also explicitly specify the inline type by using a formal object
|
||||
definition as the field value. For example:
|
||||
|
@ -395,6 +399,7 @@ definition as the field value. For example:
|
|||
}
|
||||
}
|
||||
----------------------------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
The formal object definition for a script would be:
|
||||
|
||||
|
@ -406,6 +411,7 @@ The formal object definition for a script would be:
|
|||
}
|
||||
}
|
||||
----------------------------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
[float]
|
||||
[[stored-templates-scripts]]
|
||||
|
@ -436,3 +442,4 @@ references the `email_notification_subject` template:
|
|||
}
|
||||
}
|
||||
----------------------------------------------------------------------
|
||||
// NOTCONSOLE
|
|
@ -38,6 +38,7 @@ path set by a `simple` input:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The inputs in a chain are specified as an array to guarantee the order in
|
||||
which the inputs are processed. (JSON does not guarantee the order of
|
||||
arbitrary objects.)
|
||||
|
@ -90,3 +91,4 @@ still be available in its original form in `ctx.payload.first`.
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
|
@ -40,6 +40,7 @@ index:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
You can use the full Elasticsearch {ref}/query-dsl.html[Query DSL] to perform
|
||||
more sophisticated searches. For example, the following `http` input retrieves
|
||||
|
@ -58,6 +59,7 @@ all documents that contain `event` in the `category` field:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
==== Calling Elasticsearch APIs
|
||||
|
||||
|
@ -82,6 +84,7 @@ Stats] API and enables the `human` attribute:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> Enabling this attribute returns the `bytes` values in the response in human
|
||||
readable format.
|
||||
|
||||
|
@ -110,6 +113,7 @@ a username and password to access `myservice`:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
You can also pass in service-specific API keys and other information
|
||||
through the `params` attribute. For example, the following `http`
|
||||
|
@ -131,6 +135,7 @@ http://openweathermap.org/appid[OpenWeatherMap] service:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
==== Using Templates
|
||||
|
||||
|
@ -153,6 +158,7 @@ and restrict the results to documents added within the last five minutes:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
==== Accessing the HTTP Response
|
||||
|
||||
|
|
|
@ -32,6 +32,7 @@ documents from the `logs` index:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
You can use date math and wildcards when specifying indices. For example,
|
||||
the following input loads the latest VIXZ quote from today's daily quotes index:
|
||||
|
@ -57,6 +58,7 @@ the following input loads the latest VIXZ quote from today's daily quotes index:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
==== Extracting Specific Fields
|
||||
|
||||
|
@ -78,6 +80,7 @@ watch payload:
|
|||
}
|
||||
},
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
==== Using Templates
|
||||
|
||||
|
@ -105,6 +108,7 @@ parameter:
|
|||
...
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
==== Applying Conditions
|
||||
|
||||
|
@ -131,6 +135,7 @@ check if the search returned more than five hits:
|
|||
...
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
==== Accessing the Search Results
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@ an object (`obj`):
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
For example, the following watch uses the `simple` input to set the recipient
|
||||
name for a daily reminder email:
|
||||
|
@ -48,3 +49,4 @@ name for a daily reminder email:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
|
@ -52,6 +52,7 @@ part of the definition of the `my_webhook` action.
|
|||
]
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> A watch level `transform`
|
||||
<2> An action level `transform`
|
||||
|
||||
|
|
|
@ -33,6 +33,7 @@ following snippet:
|
|||
]
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> The `chain` transform definition
|
||||
<2> The first transform in the chain (in this case, a `search` transform)
|
||||
<3> The second and final transform in the chain (in this case, a `script`
|
||||
|
|
|
@ -20,6 +20,7 @@ TIP: The `script` transform is often useful when used in combination with the
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
<1> A simple `painless` script that creates a new payload with a single `time`
|
||||
field holding the scheduled time.
|
||||
|
||||
|
|
|
@ -18,6 +18,7 @@ defined on the watch level:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
Like every other search based construct, one can make use of the full search
|
||||
API supported by Elasticsearch. For example, the following search transform
|
||||
|
@ -41,6 +42,7 @@ execute a search over all events indices, matching events with `error` priority:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
The following table lists all available settings for the search transform:
|
||||
|
||||
|
@ -129,6 +131,7 @@ time of the watch:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
The model of the template is a union between the provided `template.params`
|
||||
settings and the <<watch-execution-context, standard watch execution context model>>.
|
||||
|
@ -173,3 +176,4 @@ The following is an example of using templates that refer to provided parameters
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
|
|
@ -184,6 +184,7 @@ that triggers every day at noon:
|
|||
...
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
===== Configuring a Multiple Times Cron Schedule
|
||||
|
||||
|
@ -207,6 +208,7 @@ minute during the weekend:
|
|||
...
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
[[croneval]]
|
||||
===== Verifying Cron Expressions
|
||||
|
|
|
@ -28,6 +28,7 @@ day at 5:00 PM:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
===== Configuring a Multiple Times Daily Schedule
|
||||
|
||||
|
@ -45,6 +46,7 @@ triggers at `00:00`, `12:00`, and `17:00` every day.
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
[[specifying-times-using-objects]]
|
||||
===== Specifying Times Using Objects
|
||||
|
@ -69,6 +71,7 @@ For example, the following `daily` schedule triggers once every day at 5:00 PM:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
To specify multiple times using the object notation, you specify multiple hours
|
||||
or minutes as an array. For example, following `daily` schedule triggers at
|
||||
|
@ -89,3 +92,4 @@ or minutes as an array. For example, following `daily` schedule triggers at
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
|
@ -28,6 +28,7 @@ For example, the following `hourly` schedule triggers at minute 30 every hour--
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
===== Configuring a Multiple Times Hourly Schedule
|
||||
|
||||
|
@ -46,3 +47,4 @@ triggers every 15 minutes every hour--`12:00`, `12:15`, `12:30`, `12:45`,
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
|
@ -34,3 +34,4 @@ For example, the following `interval` schedule triggers every five minutes:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
|
@ -26,6 +26,7 @@ on the 10th of each month at noon:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
NOTE: You can also specify the day and time with the `day` and `time` attributes,
|
||||
they are interchangeable with `on` and `at`.
|
||||
|
@ -50,6 +51,7 @@ schedule triggers at 12:00 PM on the 10th of each month and at 5:00 PM on the
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
Alternatively, you can specify days and times in an object that has `on` and `at`
|
||||
attributes that contain an array of values. For example, the following `monthly`
|
||||
|
@ -68,3 +70,4 @@ schedule triggers at 12:00 AM and 12:00 PM on the 10th and 20th of each month.
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
|
@ -32,6 +32,7 @@ triggers once a week on Friday at 5:00 PM:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
NOTE: You can also specify the day and time with the `day` and `time` attributes,
|
||||
they are interchangeable with `on` and `at`.
|
||||
|
@ -55,6 +56,7 @@ schedule triggers every Tuesday at 12:00 PM and every Friday at 5:00 PM:
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
Alternatively, you can specify days and times in an object that has `on` and
|
||||
`minute` attributes that contain an array of values. For example, the following
|
||||
|
@ -73,3 +75,4 @@ Alternatively, you can specify days and times in an object that has `on` and
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
|
@ -37,6 +37,7 @@ example, the following `yearly` schedule triggers once a year at noon on January
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
NOTE: You can also specify the month, day, and time with the `month`, `day`, and
|
||||
`time` attributes, they are interchangeable with `in`, `on`, and `at`.
|
||||
|
@ -61,6 +62,7 @@ on July 20th.
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
||||
Alternatively, you can specify the months, days, and times in an object that has
|
||||
`in`, `on`, and `minute` attributes that contain an array of values. For example,
|
||||
|
@ -81,3 +83,4 @@ January 20th, December 10th, and December 20th.
|
|||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
|
|
|
@ -30,6 +30,8 @@ mappings:
|
|||
--------------------------------------------------
|
||||
DELETE .watches
|
||||
--------------------------------------------------
|
||||
// CONSOLE
|
||||
// TEST[skip:index deletion]
|
||||
+
|
||||
. Disable direct access to the `.watches` index:
|
||||
.. Stop the Elasticsearch node.
|
||||
|
|
Loading…
Reference in New Issue