Create Advanced Watch

Advanced watches are for people who are more familiar with Elasticsearch query syntax and the watcher framework overall. The creation UI is more closely aligned with using the REST apis directly. Please reference the Elasticsearch query DSL for more information.

To create a new advanced watch:

  1. Select the Create new watch button Create a Watch
  2. Select Advanced Watch

Advanced Watch UI

This screen lets you define the core properties of an advanced watch.

Create Advanced Watch

The ID refers to the identifier used by Elasticsearch, whereas Name is the more user-friendly way to identify the watch. Refer to the Watch definition documentation for the Watch JSON.

Simulate

Simulate Advanced Watch

This screen allows you to override parts of the watch and then run a simulation of it.

Some implementation details on overrides:

  • Trigger overrides use date math
  • Input override accepts a JSON blob that overrides the input.
  • Condition overrides is just a checkbox to indicate if you want to force the condition to always be true.
  • Action overrides support multiple options, which are explained here

Simulated

After starting the simulation, the UI will show a results screen.

Simulated Advanced Watch

The possible simulation statuses for watches are:

  • Firing - The watch is currently triggered and is actively performing the associated actions.
  • Error - The watch is an error state and not properly working.
  • Ok - The watch is not actively firing but working properly.
  • Disabled - The watch will not fire under any circumstance.

For more information on the various fields in the response, please refer to the Elasticsearch docs.