ELK配置watcher
watcher的配置可参照:https://kibana.logstash.es/content/elasticsearch/other/watcher.html
-
SearchPhaseExecutionException[all shards failed]; nested: [Field data loading is forbidden on [filename]]; nested: IllegalStateException[Field data loading is forbidden on [filename]];
按照指南中操作后,transform中的查询会触发该错误,将字段名后追加.raw即可。该例中:filename =》 filename.raw
-
Likely root cause: expected '<document start>', but found BlockMappingStart
watcher的邮件配置请参照【https://www.elastic.co/guide/en/watcher/2.4/email-services.html】,追加到elasticsearch.yml文件后,watcher前必须加空格,否则启动elasticsearch将出错。
watcher.actions.email.service.account: work: profile: gmail email_defaults: from: 'John Doe <john.doe@host.domain>' bcc: archive@host.domain smtp: auth: true starttls.enable: true host: smtp.gmail.com port: 587 user: <username> password: <password>
-
watcher相关的api
## 查看watcher列表
GET .watches/_search
{
"fields" : [],
"query" : {"match_all" : { } }
}
## 查看watcher
GET _watcher/watch/ftp_file_status
## 取消激活watcher
PUT _watcher/watch/ftp_file_status/_deactivate
## 删除watcher
DELETE _watcher/watch/ftp_status