sentinl: fail to get watcher
1. Sentinl and Kibana version
Kibana 6.2.2 Sentinl 6.2.2
2. Issue description
fail to get watcher 1e0eb200-3660-11e8-8ee6-2d3b42c859e8
3. Reproducing the issue step-by-step
Try to make a new watcher and run it
5. Sample of data
My watcher
{
"actions": {
"New slack action 6cjr3lh2p4g": {
"throttle_period": "0h0m5s",
"slack": {
"channel": "#appisphera_sentinl",
"message": "-------------------------------------\n*Anomalias de las ultimas 6 horas en Bitcoins*:\n\n*Anomalias:*\n\n{{#payload.hits.hits}}\n\n{{#_source}}\n- {{timestamp}} : {{last}} E , {{volume}} volumen\n{{/_source}}\n\n{{/payload.hits.hits}}\n--------------------------------------",
"stateless": false
}
}
},
"input": {
"search": {
"request": {
"index": [
"cripto_anomalias"
],
"body": {
"size": 70,
"query": {
"term": {
"alert": false
}
},
"sort": [
{
"timestamp": {
"order": "desc"
}
}
]
}
}
}
},
"condition": {
"script": {
"script": "payload.hits.total > 0"
}
},
"transform": {
"script": {
"script": "var json = payload.hits.hits;var rawData = [];json.forEach(function (item) {rawData.push(item._source);});rawData.forEach(function(value, number, array){value.timestamp = (new Date(value.timestamp*1000).toLocaleString();});payload.hits.hits = json;"
}
},
"trigger": {
"schedule": {
"later": "every 5 minutes"
}
},
"disable": false,
"report": false,
"title": "deteccionAnomalias"
}
6. Additional details
Check whether the watcher document exists:
GET /.kibana/_search
{
"size": 60,
"query": {
"term":{
"_id": "sentinl-watcher:1e0eb200-3660-11e8-8ee6-2d3b42c859e8"
}
}
}
Response:
{
"took": 0,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 1,
"max_score": 1,
"hits": [
{
"_index": ".kibana",
"_type": "doc",
"_id": "sentinl-watcher:1e0eb200-3660-11e8-8ee6-2d3b42c859e8",
"_score": 1,
"_source": {
"type": "sentinl-watcher",
"updated_at": "2018-04-02T11:12:46.348Z",
"sentinl-watcher": {
"title": "deteccionAnomalias",
"input": {
"search": {
"request": {
"index": [
"cripto_anomalias"
],
"body": {
"size": 70,
"query": {
"term": {
"alert": false
}
},
"sort": [
{
"timestamp": {
"order": "desc"
}
}
]
}
}
}
},
"actions": {
"New slack action 6cjr3lh2p4g": {
"throttle_period": "0h0m2s",
"slack": {
"channel": "#appisphera_sentinl",
"message": "-------------------------------------\n*Anomalias de las ultimas 6 horas en Bitcoins*:\n\n*Anomalias:*\n\n{{#payload.hits.hits}}\n\n{{#_source}}\n- {{timestamp}} : {{last}} E , {{volume}} volumen\n{{/_source}}\n\n{{/payload.hits.hits}}\n--------------------------------------",
"stateless": false
}
}
},
"transform": {
"script": {
"script": "var json = payload.hits.hits;var rawData = [];json.forEach(function (item) {rawData.push(item._source);});rawData.forEach(function(value, number, array){value.timestamp = (new Date(value.timestamp*1000).toLocaleString();});payload.hits.hits = json;"
}
},
"condition": {
"script": {
"script": "payload.hits.total > 0"
}
},
"report": false,
"disable": true,
"trigger": {
"schedule": {
"later": "every 5 minutes"
}
}
}
}
}
]
}
}
About this issue
- State: closed
- Created 6 years ago
- Comments: 22 (12 by maintainers)
Commits related to this issue
- Merge pull request #385 from sirensolutions/issue-383 Fix for condition and transform — committed to rpatil524/sentinl by sergibondarenko 7 years ago
Then why do you have the authentication enabled in Sentinl? Switch it off: