Index action
The index action type will index a document into Elasticsearch. See also the create index API.
Connector configuration
Index connectors have the following configuration properties:
Name
The name of the connector. The name is used to identify a connector in the management UI connector listing, or in the connector list when configuring an action.
Index
The Elasticsearch index to be written to.
Refresh
Setting for the refresh policy for the write request.
Execution time field
This field will be automatically set to the time the alert condition was detected.
Preconfigured action type
my-index:
name: action-type-index
actionTypeId: .index
config:
index: .kibana
refresh: true
executionTimeField: somedate
config
defines the action type specific to the configuration and contains the following properties:
| A string that corresponds to Index. |
| A boolean that corresponds to Refresh. |
| A string that corresponds to Execution time field. |
Action configuration
Index actions have the following properties:
Document
The document to index in JSON format.
Example of the index document for Index Threshold alert:
{
"alert_id": "{{alertId}}",
"alert_name": "{{alertName}}",
"alert_instance_id": "{{alertInstanceId}}",
"context_message": "{{context.message}}"
}
Example of create test index using the API.
PUT test
{
"settings" : {
"number_of_shards" : 1
},
"mappings" : {
"_doc" : {
"properties" : {
"alert_id" : { "type" : "text" },
"alert_name" : { "type" : "text" },
"alert_instance_id" : { "type" : "text" },
"context_message": { "type" : "text" }
}
}
}
}