Watcher is a plugin for Elasticsearch that provides alerting and notification based on changes in your data.
Watcher installs in Elasticsearch as a plugin and provides an API for creating, managing and testing watches. A watch describes a single alert in Watcher, which can contain multiple notification actions.
At a high level, a typical watch is built from four simple building blocks:
- Schedule
Define the schedule on which to trigger the query and check the condition.
- Query
Specify the query to run as input to the condition. Watcher supports the full Elasticsearch query language, including aggregations.
- Condition
Define the condition that determines whether to execute the actions. You can use simple conditions (always true), or use scripting for more sophisticated scenarios.
- Actions
Define one or more actions, such as sending email, pushing data to third-party systems via webhook, or indexing the results of your query.
For more details: https://www.elastic.co/guide/en/watcher/current/index.html
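The following is an added example, not code from the Watcher documentation or from the Elasticsearch project. It assembles one watch from the four building blocks above (a 5-minute schedule, a search input with an aggregation, a `compare` condition on the hit count, and a webhook plus an index action), then evaluates the condition locally against a constructed search response so you can see which actions would fire without a running cluster. The index pattern `auth-logs-*`, the field names, the threshold of 20, and the webhook host `soc.example.internal` are all assumptions chosen for the illustration; the condition evaluator is a simplified re-implementation of Watcher's `always` and `compare` conditions, not Watcher's own code.

```python
"""Added example: build a watch from schedule, query, condition and actions,
and evaluate its condition offline against a constructed search response."""
import json
import operator

# Constructed watch: alert when failed logins spike in the last five minutes.
# Index pattern, field names, threshold and webhook host are assumptions.
FAILED_LOGIN_WATCH = {
    # 1. Schedule: run the input and check the condition every five minutes.
    "trigger": {"schedule": {"interval": "5m"}},
    # 2. Query: search input, including a terms aggregation by source IP.
    "input": {
        "search": {
            "request": {
                "indices": ["auth-logs-*"],
                "body": {
                    "query": {
                        "bool": {
                            "filter": [
                                {"term": {"event.outcome": "failure"}},
                                {"range": {"@timestamp": {"gte": "now-5m"}}},
                            ]
                        }
                    },
                    "aggs": {
                        "by_source": {"terms": {"field": "source.ip", "size": 5}}
                    },
                },
            }
        }
    },
    # 3. Condition: fire only when at least 20 failures were found.
    "condition": {"compare": {"ctx.payload.hits.total": {"gte": 20}}},
    # 4. Actions: notify the SOC over a webhook and archive the hits.
    "actions": {
        "notify_soc": {
            "webhook": {
                "method": "POST",
                "host": "soc.example.internal",  # assumed endpoint
                "port": 443,
                "path": "/alerts",
                "body": "{{ctx.payload.hits.total}} failed logins in 5m",
            }
        },
        "archive_hits": {"index": {"index": "alerts-failed-logins", "doc_type": "alert"}},
    },
}

# Operators accepted by Watcher's compare condition.
_OPS = {
    "eq": operator.eq, "not_eq": operator.ne,
    "gt": operator.gt, "gte": operator.ge,
    "lt": operator.lt, "lte": operator.le,
}


def resolve(ctx, dotted_path):
    """Look up a dotted path such as ctx.payload.hits.total in the context."""
    value = ctx
    for key in dotted_path.split("."):
        value = value[key]
    return value


def condition_met(watch, payload):
    """Simplified evaluation of an 'always' or 'compare' condition.

    The search response becomes ctx.payload, as it does in Watcher.
    """
    condition = watch["condition"]
    if "always" in condition:
        return True
    if "compare" in condition:
        ctx = {"ctx": {"payload": payload}}
        (path, spec), = condition["compare"].items()
        (op, expected), = spec.items()
        return _OPS[op](resolve(ctx, path), expected)
    raise ValueError("unsupported condition type: " + ", ".join(condition))


def actions_to_run(watch, payload):
    """Return the names of the actions that would execute for this payload."""
    return sorted(watch["actions"]) if condition_met(watch, payload) else []


def watch_json(watch):
    """Serialize the watch as the JSON body sent to the Watcher API."""
    return json.dumps(watch, indent=2)


# Constructed search responses, trimmed to the fields the condition reads.
SAMPLE_SPIKE = {"hits": {"total": 23, "hits": []}}
SAMPLE_QUIET = {"hits": {"total": 3, "hits": []}}

if __name__ == "__main__":
    print(watch_json(FAILED_LOGIN_WATCH))
    print("spike:", actions_to_run(FAILED_LOGIN_WATCH, SAMPLE_SPIKE))
    print("quiet:", actions_to_run(FAILED_LOGIN_WATCH, SAMPLE_QUIET))
```

To register the watch, the serialized body is sent to the Watcher API with `PUT _watcher/watch/<watch_id>`; the same body can be dry-run through the execute API before scheduling it. Note that on Elasticsearch 7 and later `hits.total` is an object, so the compare path becomes `ctx.payload.hits.total.value`; the threshold of 20 is a placeholder that should be tuned against the baseline failure rate of the environment so that the watch neither floods the webhook nor misses a slow spray.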