elasticsearch中新索引的电子邮件警报

ymzxtsji  于 2021-06-13  发布在  ElasticSearch
关注(0)|答案(0)|浏览(268)

我正在寻找一种方法,每当我的“警报索引”更新为新文档时,都会收到电子邮件警报。试图写一个观察者,但似乎有什么不对劲,我无法理解。

{    
  "trigger":    
  {    
    "schedule": { "interval": "10m" }    
  },    
  "input": {    
      "search": {    
         "requests": {    
             "search_type": "query_then_fetch",    
             "indices": [    
                 "alerts-index"    
                 ],    
             "types": [],    
             "body":{    
                 "size": 0,    
                 "query": {    
                     "bool": {    
                         "filter": [    
                             {    
                                 "range": {    
                                     "datum": {    
                                         "gte": "now-1m"    
                                     }    
                                 }    
                             }    
                             ]    
                     }    
             }    
         }    
      }    
  },    
  "condition": {    
    "compare": {    
        "ctx.payload.hits.total": {    
            "gte": 1    
    }    
  },    
  "actions": {    
    "email_admin": {    
      "email": {    
        "profile": "outlook",    
        "to": [    
          "xxxx@xxx.com"    
        ],    
        "subject": "Test alert-index | {{ctx.execution_time}}",    
        "body": {    
          "text": "Hi All this is a test mail"    
        }    
      }    
    }    
  }    
}    
}    
}

在运行这个我得到下面提到的错误
观察者:[parse\u exception]无法分析观察[abhi]的[search]输入。意外的令牌[start\u object]

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题