Log created by custom watcher by "indexing action" , not visible in kibana observability log/stream

273 Views Asked by mrin9san At 20 March 2023 at 14:11

I have made a custom watcher with indexing action. For this i created a index watcher-index using

PUT /watcher-index
{
  settings:{
    number_of_shards:3,
    number_of_replicas:1
  },
  "mappings":{
    "_default_":{
      "@timestamp":{
        "enabled":true,
        "store":true
      }
    }
  }
}

I mentioned in particular that @timestamp should be a default field. Now I mentioned the same in watcher definition -

{
  "actions":{
    "index":{
      "index":"watcher-index"
    }
  }
}

Action runs successfully and document is created as I can see by GET /watcher-index/_search. However, it does not display in kibana observability log/stream. A GET /watcher-index/_search{"query":{"match":{"field":"@timestamp"}}} returns 0 hits:[]. How can I solve this issue? I am using version-8.6.2.

Original Q&A

There are 1 best solutions below

Musab Dogan On 20 March 2023 at 14:30

Your query is looking for field name field and the value @timestamp.

Check with the following.

GET /watcher-index/_search
{
  "query": {
    "exists": {
      "field": "@timestamp"
    }
  }
}

If you want to see your data in the observability section the index name needs to start with the following parameters.

logs-*,filebeat-*,kibana_sample_data_logs*

You can update it with the observability settings.

Log created by custom watcher by "indexing action" , not visible in kibana observability log/stream

There are 1 best solutions below

Related Questions in ELASTICSEARCH

Related Questions in KIBANA

Related Questions in ELASTIC-STACK

Related Questions in ELASTICSEARCH-WATCHER

Trending Questions

Popular # Hahtags

Popular Questions