This is a technical preview. Technical preview features are not fully supported, may not be functionally complete, and are not suitable for deployment in production. We encourage you to try them out and provide your feedback, good and bad, on the Search Guard forum. This will help us improve and add any features you might be missing.
Conditions are used to control the execution flow. A condition can be used anywhere in the execution chain for watches and actions.
A condition must return a boolean value. If the condition returns true, the execution continues. If the condition returns false, the execution is stopped.
In watches, a condition controls whether a certain value or threshold is reached, to decide whether the watch should continue execution.
In actions, conditions can be used to control if a certain action should be executed. For example, you can decide to send an email to an administrator if the error level in your log files is too high. In addition, if the error level stays high for a certain amount of time, you can send another email, escalating the issue to another person.
Currently, the following condition types are supported
- a condition that uses a Painless script