This API can be used to force execution of the watch outside of its triggering logic or to simulate the watch execution for debugging purposes.
For testing and debugging purposes, you also have fine-grained control over how the watch runs. You can run the watch without running all of its actions or alternatively by simulating them. You can also force execution by ignoring the watch condition and control whether a watch record would be written to the watch history after it runs.
You can use the run watch API to run watches that are not yet registered by specifying the watch definition inline. This serves as a great tool for testing and debugging your watches prior to adding them to Watcher.
When Elasticsearch security features are enabled on your cluster, watches are run with the privileges of the user that stored the watches.
If your user is allowed to read index a, but not index b, then the exact same set of rules will apply during execution of a watch.
When using the run watch API, the authorization data of the user that called the API will be used as a base, instead of the information of the user who stored the watch. Refer to the external documentation for examples of watch execution requests, including existing, customized, and inline watches.
manage_watcher
Determines how to handle the watch actions as part of the watch execution.
When present, the watch uses this object as a payload instead of executing its own input.
When set to true, the watch execution uses the always condition. This can also be specified as an HTTP parameter.
Default value is false.
When set to true, the watch record representing the watch execution result is persisted to the .watcher-history index for the current time.
In addition, the status of the watch is updated, possibly throttling subsequent runs.
This can also be specified as an HTTP parameter.
Default value is false.
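As an added example (not from the Elasticsearch documentation or its client libraries), the following Python check audits a run watch request body before it is sent and reports what the run would really do: actions that are neither simulated nor skipped, a bypassed condition, and a persisted watch record. The function names and finding codes are hypothetical; the mode names `simulate`, `execute` and `force_execute` and the `_all` key are not shown on this page and are assumed from the run watch API's action modes, and an action with no mode in the request is treated as not proven simulated.

```python
import copy

# Modes in which an action does not actually run, and modes in which it does.
# "force_simulate" and "skip" appear on this page; the other names are the
# remaining run watch API action modes (assumed here, not shown on the page).
NO_SIDE_EFFECT = {"simulate", "force_simulate", "skip"}
RUNS_FOR_REAL = {"execute", "force_execute"}


def action_names(body, stored_actions=()):
    """Actions of the inline watch if one is given, else of the stored watch."""
    inline = body.get("watch", {}).get("actions")
    return sorted(inline) if inline else sorted(stored_actions)


def audit_execute_request(body, stored_actions=()):
    """Return (code, detail) findings for each side effect the run can have."""
    findings, live = [], False
    modes = body.get("action_modes", {})
    for name in action_names(body, stored_actions):
        # Check the per-action entry and the "_all" entry alike, so the
        # verdict does not depend on which one the server prefers.
        given = [modes[key] for key in (name, "_all") if key in modes]
        if not given:
            # Assumption: a mode that is not set is not proven to be simulated.
            findings.append(("UNSET_MODE", f"{name}: no mode in request"))
            live = True
        for mode in given:
            if mode in RUNS_FOR_REAL:
                findings.append(("REAL_ACTION", f"{name}: {mode} runs the action"))
                live = True
            elif mode not in NO_SIDE_EFFECT:
                findings.append(("UNKNOWN_MODE", f"{name}: {mode!r}"))
                live = True
    if body.get("ignore_condition") and live:
        findings.append(("CONDITION_BYPASSED", "actions run whatever the data says"))
    if body.get("record_execution"):
        findings.append(("RECORDED", "writes .watcher-history, updates watch status"))
    return findings


def to_dry_run(body, stored_actions=()):
    """Copy of the request in which no action runs and nothing is recorded."""
    old = body.get("action_modes", {})
    safe = copy.deepcopy(body)
    safe["action_modes"] = {
        name: old[name] if old.get(name) in NO_SIDE_EFFECT else "force_simulate"
        for name in action_names(body, stored_actions)
    }
    safe["record_execution"] = False
    return safe


# Request bodies copied from the examples on this page.
PAGE_REQUEST = {
    "trigger_data": {"triggered_time": "now", "scheduled_time": "now"},
    "alternative_input": {"foo": "bar"},
    "ignore_condition": True,
    "action_modes": {"my-action": "force_simulate"},
    "record_execution": True,
}
INLINE_WATCH_REQUEST = {"watch": {
    "trigger": {"schedule": {"interval": "10s"}},
    "input": {"search": {"request": {"indices": ["logs"], "body": {
        "query": {"match": {"message": "error"}}}}}},
    "condition": {"compare": {"ctx.payload.hits.total": {"gt": 0}}},
    "actions": {"log_error": {"logging": {
        "text": "Found {{ctx.payload.hits.total}} errors in the logs"}}},
}}

if __name__ == "__main__":
    print(audit_execute_request(PAGE_REQUEST, ["my-action"]))
    print(audit_execute_request(INLINE_WATCH_REQUEST))
    print(audit_execute_request(to_dry_run(INLINE_WATCH_REQUEST)))
```

Run against the page's own samples, the first request is flagged only for `record_execution`, while the inline watch request is flagged because its `log_error` action carries no mode.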
Values are email, webhook, index, logging, slack, or pagerduty.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
Time unit for milliseconds
Controls how to deal with unavailable concrete indices (closed or missing), how wildcard expressions are expanded to actual indices (all, closed or open indices) and how to deal with wildcard expressions that resolve to no indices.
Values are query_then_fetch or dfs_query_then_fetch.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
Values are true, false, or wait_for.
Values are index or create.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
Path to field or array of paths. Some APIs support wildcards in the path to select multiple fields.
Values are trigger, resolve, or acknowledge.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
Values are head, get, post, put, or delete.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
Values are http or https.
Defines the aggregations that are run as part of the search request.
If true, the request returns detailed information about score computation as part of a hit.
Default value is false.
Configuration of search extensions defined by Elasticsearch plugins.
The starting document offset, which must be non-negative.
By default, you cannot page through more than 10,000 hits using the from and size parameters.
To page through more hits, use the search_after parameter.
Default value is 0.
Number of hits matching the query to count accurately. If true, the exact number of hits is returned at the cost of some performance. If false, the response does not include the total number of hits matching the query. Defaults to 10,000 hits.
Boost the _score of documents from specified indices.
The boost value is the factor by which scores are multiplied.
A boost value greater than 1.0 increases the score.
A boost value between 0 and 1.0 decreases the score.
An array of wildcard (*) field patterns.
The request returns doc values for field names matching these patterns in the hits.fields property of the response.
A reference to a field with formatting instructions on how to return the value
A reference to a field with formatting instructions on how to return the value
The minimum _score for matching documents.
Documents with a lower _score are not included in search results or results collected by aggregations.
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
Set to true to return detailed timing information about the execution of individual components in a search request.
NOTE: This is a debugging tool and adds significant overhead to search execution.
Default value is false.
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
Retrieve a script evaluation (based on different fields) for each hit.
A field value.
The number of hits to return, which must not be negative.
By default, you cannot page through more than 10,000 hits using the from and size parameters.
To page through more hits, use the search_after property.
Default value is 10.
An array of wildcard (*) field patterns.
The request returns values for field names matching these patterns in the hits.fields property of the response.
A reference to a field with formatting instructions on how to return the value
A reference to a field with formatting instructions on how to return the value
The maximum number of documents to collect for each shard. If a query reaches this limit, Elasticsearch terminates the query early. Elasticsearch collects documents before sorting.
IMPORTANT: Use with caution. Elasticsearch applies this property to each shard handling the request. When possible, let Elasticsearch perform early termination automatically. Avoid specifying this property for requests that target data streams with backing indices across multiple data tiers.
If set to 0 (default), the query does not terminate early.
Default value is 0.
The period of time to wait for a response from each shard. If no response is received before the timeout expires, the request fails and returns an error. Defaults to no timeout.
If true, calculate and return document scores, even if the scores are not used for sorting.
Default value is false.
If true, the request returns the document version as part of a hit.
Default value is false.
If true, the request returns sequence number and primary term of the last modification of each hit.
The stats groups to associate with the search. Each group maintains a statistics aggregation for its associated searches. You can retrieve these stats using the indices stats API.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
Values are head, get, post, put, or delete.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
Values are http or https.
Values are json, yaml, or text.
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
Controls how to deal with unavailable concrete indices (closed or missing), how wildcard expressions are expanded to actual indices (all, closed or open indices) and how to deal with wildcard expressions that resolve to no indices.
If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.
If true, missing or closed indices are not included in the response.
Default value is false.
If true, concrete, expanded or aliased indices are ignored when frozen.
Default value is true.
Values are query_then_fetch or dfs_query_then_fetch.
Default value is false.
Default value is false.
An inline search template. Supports the same parameters as the search API's request body. Also supports Mustache variables. If no id is specified, this parameter is required.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
Time unit for milliseconds
Default value is painless.
Values are success, failure, simulated, or throttled.
Values are email, webhook, index, logging, slack, or pagerduty.
Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
The type of error
The server stack trace. Present only if the error_trace=true parameter was sent with the request.
Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
Time unit for milliseconds
A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
Values are awaits_execution, checking, execution_not_needed, throttled, executed, failed, deleted_while_queued, or not_executed_already_queued.
A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.

POST _watcher/watch/my_watch/_execute
{
  "trigger_data" : {
    "triggered_time" : "now",
    "scheduled_time" : "now"
  },
  "alternative_input" : {
    "foo" : "bar"
  },
  "ignore_condition" : true,
  "action_modes" : {
    "my-action" : "force_simulate"
  },
  "record_execution" : true
}

resp = client.watcher.execute_watch(
    id="my_watch",
    trigger_data={
        "triggered_time": "now",
        "scheduled_time": "now"
    },
    alternative_input={
        "foo": "bar"
    },
    ignore_condition=True,
    action_modes={
        "my-action": "force_simulate"
    },
    record_execution=True,
)

const response = await client.watcher.executeWatch({
  id: "my_watch",
  trigger_data: {
    triggered_time: "now",
    scheduled_time: "now",
  },
  alternative_input: {
    foo: "bar",
  },
  ignore_condition: true,
  action_modes: {
    "my-action": "force_simulate",
  },
  record_execution: true,
});

response = client.watcher.execute_watch(
  id: "my_watch",
  body: {
    "trigger_data": {
      "triggered_time": "now",
      "scheduled_time": "now"
    },
    "alternative_input": {
      "foo": "bar"
    },
    "ignore_condition": true,
    "action_modes": {
      "my-action": "force_simulate"
    },
    "record_execution": true
  }
)

$resp = $client->watcher()->executeWatch([
    "id" => "my_watch",
    "body" => [
        "trigger_data" => [
            "triggered_time" => "now",
            "scheduled_time" => "now",
        ],
        "alternative_input" => [
            "foo" => "bar",
        ],
        "ignore_condition" => true,
        "action_modes" => [
            "my-action" => "force_simulate",
        ],
        "record_execution" => true,
    ],
]);

curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"trigger_data":{"triggered_time":"now","scheduled_time":"now"},"alternative_input":{"foo":"bar"},"ignore_condition":true,"action_modes":{"my-action":"force_simulate"},"record_execution":true}' "$ELASTICSEARCH_URL/_watcher/watch/my_watch/_execute"

client.watcher().executeWatch(e -> e
    .actionModes("my-action", ActionExecutionMode.ForceSimulate)
    .alternativeInput("foo", JsonData.fromJson("\"bar\""))
    .id("my_watch")
    .ignoreCondition(true)
    .recordExecution(true)
    .triggerData(t -> t
        .scheduledTime(DateTime.of("now"))
        .triggeredTime(DateTime.of("now"))
    )
);

{
  "trigger_data" : {
    "triggered_time" : "now",
    "scheduled_time" : "now"
  },
  "alternative_input" : {
    "foo" : "bar"
  },
  "ignore_condition" : true,
  "action_modes" : {
    "my-action" : "force_simulate"
  },
  "record_execution" : true
}

{
  "action_modes" : {
    "action1" : "force_simulate",
    "action2" : "skip"
  }
}

{
  "watch" : {
    "trigger" : { "schedule" : { "interval" : "10s" } },
    "input" : {
      "search" : {
        "request" : {
          "indices" : [ "logs" ],
          "body" : {
            "query" : {
              "match" : { "message": "error" }
            }
          }
        }
      }
    },
    "condition" : {
      "compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
    },
    "actions" : {
      "log_error" : {
        "logging" : {
          "text" : "Found {{ctx.payload.hits.total}} errors in the logs"
        }
      }
    }
  }
}

{
  "_id": "my_watch_0-2015-06-02T23:17:55.124Z",
  "watch_record": {
    "@timestamp": "2015-06-02T23:17:55.124Z",
    "watch_id": "my_watch",
    "node": "my_node",
    "messages": [],
    "trigger_event": {
      "type": "manual",
      "triggered_time": "2015-06-02T23:17:55.124Z",
      "manual": {
        "schedule": {
          "scheduled_time": "2015-06-02T23:17:55.124Z"
        }
      }
    },
    "state": "executed",
    "status": {
      "version": 1,
      "execution_state": "executed",
      "state": {
        "active": true,
        "timestamp": "2015-06-02T23:17:55.111Z"
      },
      "last_checked": "2015-06-02T23:17:55.124Z",
      "last_met_condition": "2015-06-02T23:17:55.124Z",
      "actions": {
        "test_index": {
          "ack": {
            "timestamp": "2015-06-02T23:17:55.124Z",
            "state": "ackable"
          },
          "last_execution": {
            "timestamp": "2015-06-02T23:17:55.124Z",
            "successful": true
          },
          "last_successful_execution": {
            "timestamp": "2015-06-02T23:17:55.124Z",
            "successful": true
          }
        }
      }
    },
    "input": {
      "simple": {
        "payload": {
          "send": "yes"
        }
      }
    },
    "condition": {
      "always": {}
    },
    "result": {
      "execution_time": "2015-06-02T23:17:55.124Z",
      "execution_duration": 12608,
      "input": {
        "type": "simple",
        "payload": {
          "foo": "bar"
        },
        "status": "success"
      },
      "condition": {
        "type": "always",
        "met": true,
        "status": "success"
      },
      "actions": [
        {
          "id": "test_index",
          "index": {
            "response": {
              "index": "test",
              "version": 1,
              "created": true,
              "result": "created",
              "id": "AVSHKzPa9zx62AzUzFXY"
            }
          },
          "status": "success",
          "type": "index"
        }
      ]
    },
    "user": "test_admin"
  }
}