Get Watch API
Endpoint
GET /_signals/watch/{tenant}/{watch_id}
Retrieves the configuration of a watch identified by the {watch_id}
path parameter.
Path Parameters
{tenant}: The name of the tenant which contains the watch to be retrieved. _main
refers to the default tenant. Users of the community edition will can only use _main
here.
{watch_id} The id of the watch to be retrieved. Required.
Responses
200 OK
The watch exists and the user has sufficient privileges to access it.
The return document is structured like an ElasticSearch GetDocument response with the watch configuration in the _source
element. See example below.
403 Forbidden
The user does not have the required to access the endpoint for the selected tenant.
404 Not found
A watch with the given id does not exist for the selected tenant.
Permissions
To access the endpoint, the user needs to have the privilege cluster:admin:searchguard:tenant:signals:watch/get
for the currently selected tenant.
This permission is included in the following built-in action groups:
- SGS_SIGNALS_ALL
- SGS_SIGNALS_WATCH_MANAGE
- SGS_SIGNALS_WATCH_READ
Examples
GET /_signals/watch/_main/bad_weather
Response
200 OK
{
"_id": "_main/bad_weather",
"_tenant": "main",
"found": true,
"_version": 6,
"_seq_no": 6,
"_primary_term": 5,
"_source": {
"checks": [
{
"type": "search",
"name": "bad_weather_flights",
"target": "bad_weather_flights",
"request": {
"indices": [
"kibana_sample_data_flights"
],
"body": {
"query": {
"bool": {
"must": [
{
"query_string": {
"default_field": "DestWeather",
"query": "*hunder* OR *ightning*"
}
},
{
"range": {
"timestamp": {
"gte": "now-4h",
"lte": "now"
}
}
}
]
}
}
}
}
},
{
"type": "condition.script",
"source": "data.bad_weather_flights.hits.hits.length > 10"
}
],
"active": true,
"_meta": {
"last_edit": {
"user": "admin",
"date": "2019-09-02T06:33:30.919Z"
}
},
"trigger": {
"schedule": {
"timezone": "Europe/Berlin",
"cron": [
"0 */1 * * * ?"
]
}
},
"log_runtime_data": false,
"actions": [
{
"type": "email",
"name": "email",
"throttle_period": "1h",
"account": "default_mail",
"to": [
"notify@example.com"
],
"subject": "Bad destination weather for flights over last !",
"text_body": "Time: \n Flight Number: \n Origin: \n Destination: "
}
]
}
}