WARNING: Version 6.2 of Kibana has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Create Advanced Watch
editCreate Advanced Watch
editAdvanced watches are for people who are more familiar with Elasticsearch query syntax and the watcher framework overall. The creation UI is more closely aligned with using the REST apis directly. For more information, see Elasticsearch query DSL.
To create a new advanced watch:
Advanced Watch UI
editThis screen lets you define the core properties of an advanced watch.
The ID
refers to the identifier used by Elasticsearch, whereas Name
is the more user-friendly way to identify the watch. Refer to the
Watch definition documentation for the Watch JSON.
Simulate
editThis screen allows you to override parts of the watch and then run a simulation of it.
Some implementation details on overrides:
- Trigger overrides use date math
-
Input override accepts a JSON blob that overrides the
input
. - Condition overrides is just a checkbox to indicate if you want to force the condition to always be true.
- Action overrides support multiple options, which are explained here
Simulated
editAfter starting the simulation, the UI will show a results screen.
The possible simulation statuses for watches are:
-
Firing
- The watch is currently triggered and is actively performing the associated actions. -
Error
- The watch is an error state and not properly working. -
Ok
- The watch is not actively firing but working properly. -
Disabled
- The watch will not fire under any circumstance.
For more information on the various fields in the response, please refer to the Elasticsearch docs.