
ELK – Watcher Commands

# Watcher REST calls in Sense / Console syntax (the same paths the curl examples
# on this page send to http://localhost:9200).
# NOTE(review): DELETE, ?active=false, _deactivate, _stop and _ack all silence
# alerting without touching the indexed data. On a cluster used for detection,
# limit who may call them (manage_watcher cluster privilege where Shield /
# X-Pack security is installed) and review audit logs for unexpected use.

# Fetch one stored watch by id.
GET _watcher/watch/<watch_id>
# Remove a watch.
DELETE _watcher/watch/my-watch
# Register a watch in the inactive state; the watch definition goes in the
# request body, which this cheat-sheet line does not show.
PUT _watcher/watch/my-watch?active=false
# Switch an existing watch on or off without deleting it.
PUT _watcher/watch/<watch_id>/_activate
PUT _watcher/watch/<watch_id>/_deactivate
# Service state and counters (watcher_state, watch_count, thread pool).
GET _watcher/stats
# Plugin version / build information.
GET _watcher
# Stop and start the Watcher service itself; while stopped, no watch runs.
PUT _watcher/_stop
PUT _watcher/_start
# Stats narrowed to one metric. The page uses both current_watches and
# executing_watches for the running set; which name is accepted depends on the
# Watcher version - TODO confirm against the installed release.
GET _watcher/stats/queued_watches
GET _watcher/stats/current_watches
GET _watcher/stats?metric=executing_watches
# master_timeout bounds how long the request waits for the master node.
PUT _watcher/watch/my-watch/_ack?master_timeout=30s
DELETE _watcher/watch/my-watch?master_timeout=30s
 
# Acknowledge a single action (my-action) of my-watch: that action is throttled
# until the watch condition evaluates to false again.
PUT _watcher/watch/my-watch/my-action/_ack
 
# Acknowledge every action of my-watch.
PUT _watcher/watch/my-watch/_ack
# Acknowledge only the listed actions (comma-separated action ids).
PUT _watcher/watch/my-watch/action1,action2/_ack
 

ELK – Watcher

Watcher

cd /usr/share/elasticsearch/

root@ubuntu:/usr/share/elasticsearch# bin/plugin install elasticsearch/license/latest
-> Installing elasticsearch/license/latest…
Trying https://download.elastic.co/elasticsearch/license/license-latest.zip
Downloading …….DONE
Verifying https://download.elastic.co/elasticsearch/license/license-latest.zip checksums if available …
Downloading .DONE
Installed license into /usr/share/elasticsearch/plugins/license
root@ubuntu:/usr/share/elasticsearch# bin/plugin install elasticsearch/watcher/latest
-> Installing elasticsearch/watcher/latest…
Trying https://download.elastic.co/elasticsearch/watcher/watcher-latest.zip
Downloading ………………………………………………………………………………….DONE
Verifying https://download.elastic.co/elasticsearch/watcher/watcher-latest.zip checksums if available …
Downloading .DONE
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.

Continue with installation? [y/N]y
Installed watcher into /usr/share/elasticsearch/plugins/watcher
root@ubuntu:/usr/share/elasticsearch# service elasticsearch restart
root@ubuntu:/usr/share/elasticsearch# log [13:07:29.660] [error][elasticsearch] Request error, retrying — connect ECONNREFUSED
log [13:07:29.676] [warning][elasticsearch] Unable to revive connection: http://localhost:9200/
log [13:07:29.684] [warning][elasticsearch] No living connections
log [13:07:29.694] [error][status][plugin:elasticsearch] Status changed from green to red – Unable to connect to Elasticsearch at http://localhost:9200.
log [13:07:32.209] [warning][elasticsearch] Unable to revive connection: http://localhost:9200/
log [13:07:32.209] [warning][elasticsearch] No living connections
log [13:07:34.715] [warning][elasticsearch] Unable to revive connection: http://localhost:9200/
log [13:07:34.716] [warning][elasticsearch] No living connections
log [13:07:37.990] [error][status][plugin:elasticsearch] Status changed from red to red – Elasticsearch is still initializing the kibana index.
log [13:07:40.507] [info][status][plugin:elasticsearch] Status changed from red to green – Kibana index ready

root@ubuntu:/usr/share/elasticsearch#

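# Confirm the Watcher service came up after the restart: the response reports
# watcher_state, watch_count and the execution thread pool.
# The URL is wrapped in plain ASCII single quotes; the typographic quotes and
# the stray HTML entity from the page break the command when pasted.
curl -XGET 'http://localhost:9200/_watcher/stats?pretty'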
{
  "watcher_state" : "started",
  "watch_count" : 0,
  "execution_thread_pool" : {
    "queue_size" : 0,
    "max_size" : 0
  },
  "manually_stopped" : false
}

 

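# Ad-hoc search: match "test" in the message field across every mohan-* index.
# This is the same index pattern and query that the log_error_watch input uses,
# so it shows what that watch will load into its payload.
# Quotes restored to ASCII so the shell passes the URL and body unchanged.
curl -XGET 'http://localhost:9200/mohan-*/_search' -d ' { "query" : { "match" : { "message" : "test" }}} '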

 

 

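# Register log_error_watch: every 10 seconds, search the mohan-* indices for
# documents whose message field matches "test".
# The definition has no condition and no actions, so each run only leaves a
# record in the watch history.
# NOTE(review): the request carries no credentials and uses plain HTTP. That is
# acceptable only while port 9200 is reachable from localhost alone; before the
# node is exposed, put authentication and TLS (Shield / X-Pack security) in
# front of the Watcher API, since whoever can reach it can add or change watches.
curl -XPUT 'http://localhost:9200/_watcher/watch/log_error_watch' -d '{
  "trigger" : {
    "schedule" : { "interval" : "10s" }
  },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "mohan-*" ],
        "body" : {
          "query" : {
            "match" : { "message": "test" }
          }
        }
      }
    }
  }
}'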

 

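# Inspect the execution records Watcher writes to the .watch_history* indices,
# to check that the watch is firing on its schedule.
# Quotes restored to ASCII so the wildcard and query string reach curl intact.
curl -XGET 'http://localhost:9200/.watch_history*/_search?pretty'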

root@ubuntu:/home/ilamuruhan# curl -XDELETE 'http://localhost:9200/_watcher/watch/log_error_watch'
{"_id":"log_error_watch","_version":111,"found":true}root@ubuntu:/home/ilamuruhan#
root@ubuntu:/home/ilamuruhan#
root@ubuntu:/home/ilamuruhan#
root@ubuntu:/home/ilamuruhan# curl -XDELETE 'http://localhost:9200/_watcher/watch/log_error_watch'
{"_id":"log_error_watch","_version":112,"found":false}root@ubuntu:/home/ilamuruhan#

 
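# Register log_sundar_watch: every 10 seconds, search mohan-* for "sundar" in
# the message field. When at least one hit comes back, run two actions:
#   log_error   - write the hit count to the Elasticsearch log
#   email_admin - send a mail through the account configured under
#                 watcher.actions.email.service.account in elasticsearch.yml
# The templates insert only the watch id and the hit count, so no log content
# is copied into the outgoing mail.
# NOTE(review): the request is unauthenticated plain HTTP to localhost. Anyone
# who can reach this API can change the recipient or remove the watch, so add
# authentication and TLS before port 9200 is reachable from other hosts.
curl -XPUT 'http://localhost:9200/_watcher/watch/log_sundar_watch' -d '{
  "trigger" : { "schedule" : { "interval" : "10s" } },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "mohan-*" ],
        "body" : {
          "query" : {
            "match" : { "message": "sundar" }
          }
        }
      }
    }
  },
  "condition" : {
    "compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
  },
  "actions" : {
    "log_error" : {
      "logging" : {
        "text" : "Found {{ctx.payload.hits.total}} errors in the logs"
      }
    },

    "email_admin": {
      "email": {
        "to": "Mohan Ponnu <abcd@gmail.com>",
        "subject": "{{ctx.watch_id}} executed",
        "body": "{{ctx.watch_id}} executed with {{ctx.payload.hits.total}} hits"
      }
    }
  }
}'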

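# Remove log_sundar_watch again. With a 10s interval it would otherwise keep
# sending mail for as long as the query has hits.
# Quotes restored to ASCII so the command runs as pasted.
curl -XDELETE 'http://localhost:9200/_watcher/watch/log_sundar_watch'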

 

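#watcher config

# Email account used by the watch "email" action (elasticsearch.yml).
# Nesting restored: the page had flattened every key to column 0, which does
# not parse as the intended structure.
# NOTE(review): the SMTP password is stored here in clear text. Keep
# elasticsearch.yml readable only by the Elasticsearch service account, use a
# dedicated sending account or app-specific password rather than a personal
# one, and keep real values out of published pages and version control.
# Later Elastic Stack releases can hold this value in the Elasticsearch
# keystore instead of the YAML file.
watcher.actions.email.service.account:
  gmail:
    profile: gmail
    smtp:
      auth: true
      # Upgrades the port 587 session to TLS before authenticating.
      # NOTE(review): check whether this Watcher version also accepts
      # starttls.required, so mail is never sent if the upgrade fails.
      starttls.enable: true
      host: smtp.gmail.com
      port: 587
      user: abc@gmail.com
      password: xxx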