WARNING: Version 6.1 of Kibana has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Advanced watches are for people who are more familiar with Elasticsearch query syntax and the watcher framework overall. The creation UI is more closely aligned with using the REST apis directly. For more information, see Elasticsearch query DSL.
To create a new advanced watch:
This screen lets you define the core properties of an advanced watch.
ID refers to the identifier used by Elasticsearch, whereas
Name is the more user-friendly way to identify the watch. Refer to the
Watch definition documentation for the Watch JSON.
This screen allows you to override parts of the watch and then run a simulation of it.
Some implementation details on overrides:
After starting the simulation, the UI will show a results screen.
The possible simulation statuses for watches are:
Firing- The watch is currently triggered and is actively performing the associated actions.
Error- The watch is an error state and not properly working.
Ok- The watch is not actively firing but working properly.
Disabled- The watch will not fire under any circumstance.
For more information on the various fields in the response, please refer to the Elasticsearch docs.