1. Home
  2. Elasticsearch Watcher Integration Guide – VictorOps

Elasticsearch Watcher Integration Guide – VictorOps

Elasticsearch is a distributed, RESTful search and analytics engine capable of solving a growing number of use cases.  Watcher is a plugin for Elasticsearch that provides alerting and notification based on changes in your data.  The following guide will walk you through this integration.

In VictorOps

From the VictorOps web portal, select Settings, then Alert Behavior, then Integrations.

Select the Elastic Watcher integration option.

Copy the Service API Key to the clipboard.

In Elasticsearch Watcher

From the command line, verify that Watcher is running on your server:

curl -XGET 'http://localhost:9200/_watcher/stats?pretty'

You should get a response showing "watcher_state": "started":

 "watcher_state" : "started",
 "watch_count" : 5,
 "execution_thread_pool" : {
 "queue_size" : 0,
 "max_size" : 10
 "manually_stopped" : false

Send a PUT request to the watch API to register a new watch or update an existing watch.  This example uses curl to create a watch that sends an alert to VictorOps every 60 seconds so that you can confirm the integration is working.  Make sure to replace $service_api_key with your Service API Key from the “In VictorOps” section and to replace $routing_key with the routing key you intend to use.

curl -XPUT 'http://localhost:9200/_watcher/watch/cluster_health_watch' -d '{
 "trigger" : {
 "schedule" : { "interval" : "60s" }
 "input" : {
 "http" : {
 "request" : {
 "host" : "localhost",
 "port" : 9200,
 "path" : "/_cluster/health"
 "condition" : {
 "always" : {}
 "actions" : {
 "victorops" : {
 "webhook" : {
 "scheme" : "https",
 "method" : "POST",
 "host" : "alert.victorops.com",
 "port" : 443,
 "path" : "/integrations/generic/20131114/alert/$service_api_key/$routing_key",
 "body" : "{\"message_type\": \"CRITICAL\",\"monitoring_tool\": \"Elastic Watcher\",\"entity_id\": \"{{ctx.id}}\",\"entity_display_name\": \"{{ctx.watch_id}}\",\"state_message\": \"{{ctx.watch_id}}\",\"elastic_watcher_payload\": {{#toJson}}ctx.payload{{/toJson}} }",
 "headers" : {"Content-type": "application/json"}

The “actions” section of the JSON object configures Watcher to send alerts to VictorOps, the rest of the object is where you configure the conditions that trigger the alerts to be sent.  Confirm that you see an alert in the VictorOps timeline.

You have completed setting up this integration.  If you have any questions, please contact VictorOps support.

Updated on June 9, 2017

Was this article helpful?