Alerting for Elasticsearch: Log watcher in Elasticsearch using ES Watcher

The latest Elasticsearch has a new alerting feature, Watcher. This feature is very important and helpful for triggering an alert when a search query matches.

You need to install the plugins

bin/plugin -i elasticsearch/license/latest
bin/plugin -i elasticsearch/watcher/latest
#Restart elasticsearch
#Verify installation using
curl -XGET 'http://localhost:9200/_watcher/stats?pretty'

After installation we have to create a watch. This one checks cluster health at a 10-second interval. Original ref.: https://www.elastic.co/downloads/watcher

curl -XPUT 'http://localhost:9200/_watcher/watch/cluster_health_watch' -d '{
  "trigger" : {
    "schedule" : { "interval" : "10s" }
  },
  "input" : {
    "http" : {
      "request" : {
        "host" : "localhost",
        "port" : 9200,
        "path" : "/_cluster/health"
      }
    }
  },
  "condition" : {
    "compare" : {
      "ctx.payload.status" : { "eq" : "red" }
    }
  },
  "actions" : {
    "send_email" : {
      "email" : {
        "to" : "appasaheb.sawant@gmail.com",
        "subject" : "Cluster Status Warning",
        "body" : "Cluster status is RED"
      }
    }
  }
}'

If we want to alert when a search query matches, we can define a watch like this:

curl -XPUT 'http://localhost:9200/_watcher/watch/log_error_watch' -d '{
  "trigger" : {
    "schedule" : { "interval" : "10s" }
  },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "logs" ],
        "body" : {
          "query" : {
            "match" : { "message": "error" }
          }
        }
      }
    }
  }
}'
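
Added example, not from the original post: the same log_error_watch completed with a compare condition and an email action, plus a local stand-in for the compare condition that shows when the watch would fire without needing a cluster. The recipient ops@example.com, the sample search responses and the helper names are assumptions; treating a missing field as "not met" is this example's own choice.

```python
import json

# log_error_watch from the post plus a condition and an email action (recipient is a placeholder).
LOG_ERROR_WATCH = {
    "trigger": {"schedule": {"interval": "10s"}},
    "input": {"search": {"request": {
        "indices": ["logs"],
        "body": {"query": {"match": {"message": "error"}}},
    }}},
    # Fire only when the search returned at least one hit.
    "condition": {"compare": {"ctx.payload.hits.total": {"gt": 0}}},
    "actions": {"send_email": {"email": {
        "to": "ops@example.com",
        "subject": "Errors found in logs",
        "body": "{{ctx.payload.hits.total}} error entries matched",
    }}},
}

# Operators accepted by the compare condition.
OPS = {
    "eq": lambda a, b: a == b, "not_eq": lambda a, b: a != b,
    "gt": lambda a, b: a > b, "gte": lambda a, b: a >= b,
    "lt": lambda a, b: a < b, "lte": lambda a, b: a <= b,
}

def resolve(path, ctx):
    """Walk a dotted path such as ctx.payload.hits.total through nested dicts."""
    node = {"ctx": ctx}
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None  # missing field: this stand-in reports "not met"
        node = node[key]
    return node

def condition_met(watch, payload):
    """Local stand-in for the compare condition, evaluated on a given payload."""
    (path, spec), = watch["condition"]["compare"].items()
    (op, expected), = spec.items()
    actual = resolve(path, {"payload": payload})
    return actual is not None and OPS[op](actual, expected)

# Constructed search responses, trimmed to the field the condition reads.
QUIET = {"hits": {"total": 0, "hits": []}}
NOISY = {"hits": {"total": 3, "hits": []}}

if __name__ == "__main__":
    print(condition_met(LOG_ERROR_WATCH, QUIET))  # search found nothing
    print(condition_met(LOG_ERROR_WATCH, NOISY))  # search found three entries
    print(json.dumps(LOG_ERROR_WATCH, indent=2))
```

The JSON printed last is the request body for the same PUT to /_watcher/watch/log_error_watch shown above.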

You can add the email settings to the Elasticsearch config.

watcher.actions.email.service.account:
    work:
        profile: gmail
        email_defaults:
            from: 'appasaheb.sawant@gmail.com'
            bcc: appasaheb.sawant@gmail.com
        smtp:
            auth: true
            starttls.enable: true
            host: smtp.gmail.com
            port: 587
            user: gmail username
            password: gmail password
