Elasticsearch Watcher Integration Guide – VictorOps

Elasticsearch is a distributed, RESTful search and analytics engine capable of solving a growing number of use cases.  Watcher is a plugin for Elasticsearch that provides alerting and notification based on changes in your data.  The following guide will walk you through this integration.

In VictorOps

From the VictorOps web portal, select Settings, then Alert Behavior, then Integrations.

Select the Elastic Watcher integration option.

Copy the Service API Key to the clipboard.

Using Kibana

Kibana lets you visualize your Elasticsearch data and navigate the Elastic Stack. It also provides a user interface through which you can configure your Watch. From the Elastic Cloud homepage, navigate to Kibana; you may need to enable it first.

Log in to Kibana, navigate to Management > Watcher, and then create a new Advanced Watch.

Under this watch, configure the "actions" object to look like the following. The triggers, inputs, and conditions are up to you, depending on the types of alerts you wish to send to VictorOps. Be sure to replace $service_api_key and $routing_key with the appropriate values for your organization.

"actions": {
    "victorops": {
      "webhook": {
        "scheme": "https",
        "host": "alert.victorops.com",
        "port": 443,
        "method": "post",
        "path": "/integrations/generic/20131114/alert/$service_api_key/$routing_key",
        "params": {},
        "headers": {
          "Content-type": "application/json"
        },
        "body": "{\"message_type\": \"CRITICAL\",\"monitoring_tool\": \"Elastic Watcher\",\"entity_id\": \"{{ctx.id}}\",\"entity_display_name\": \"{{ctx.watch_id}}\",\"state_message\": \"{{ctx.watch_id}}\",\"elastic_watcher_payload\": {{#toJson}}ctx.payload{{/toJson}} }"
      }
    }
}

In Elasticsearch Watcher

From the command line, verify that Watcher is running on your server:

curl -XGET 'http://localhost:9200/_watcher/stats?pretty'

You should get a response showing "watcher_state": "started":

{
  "watcher_state" : "started",
  "watch_count" : 5,
  "execution_thread_pool" : {
    "queue_size" : 0,
    "max_size" : 10
  },
  "manually_stopped" : false
}

Send a PUT request to the watch API to register a new watch or update an existing watch.  This example uses curl to create a watch that sends an alert to VictorOps every 60 seconds so that you can confirm the integration is working.  Make sure to replace $service_api_key with your Service API Key from the “In VictorOps” section and to replace $routing_key with the routing key you intend to use.

curl -XPUT 'http://localhost:9200/_watcher/watch/cluster_health_watch' -H 'Content-Type: application/json' -d '{
  "trigger" : {
    "schedule" : { "interval" : "60s" }
  },
  "input" : {
    "http" : {
      "request" : {
        "host" : "localhost",
        "port" : 9200,
        "path" : "/_cluster/health"
      }
    }
  },
  "condition" : {
    "always" : {}
  },
  "actions" : {
    "victorops" : {
      "webhook" : {
        "scheme" : "https",
        "method" : "POST",
        "host" : "alert.victorops.com",
        "port" : 443,
        "path" : "/integrations/generic/20131114/alert/$service_api_key/$routing_key",
        "body" : "{\"message_type\": \"CRITICAL\",\"monitoring_tool\": \"Elastic Watcher\",\"entity_id\": \"{{ctx.id}}\",\"entity_display_name\": \"{{ctx.watch_id}}\",\"state_message\": \"{{ctx.watch_id}}\",\"elastic_watcher_payload\": {{#toJson}}ctx.payload{{/toJson}} }",
        "headers" : {"Content-type": "application/json"}
      }
    }
  }
}'

The “actions” section of the JSON object configures Watcher to send alerts to VictorOps; the rest of the object is where you configure the conditions that trigger the alerts. Confirm that you see an alert in the VictorOps timeline.
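
A pre-flight check for the action object above, as an added example that is not VictorOps or Elastic code: it builds the "actions" object so the escaped body string is generated rather than hand-typed, rejects a key that is still the $service_api_key placeholder, and confirms the rendered body parses as JSON. The function names, the allowed key character set, the stand-in renderer and the sample context are assumptions made for this example.

```python
import json
import re

# Path layout and field values are copied from the guide's action object.
ALERT_PATH = "/integrations/generic/20131114/alert/{key}/{routing}"
# Assumption: keys are limited to URL-unreserved characters (not a VictorOps spec).
SEGMENT_RE = re.compile(r"[A-Za-z0-9._~-]+")
PAYLOAD_TAG = "{{#toJson}}ctx.payload{{/toJson}}"


def build_body_template():
    """Webhook body: json.dumps quotes the fixed fields, the payload tag stays raw."""
    fields = {
        "message_type": "CRITICAL",
        "monitoring_tool": "Elastic Watcher",
        "entity_id": "{{ctx.id}}",
        "entity_display_name": "{{ctx.watch_id}}",
        "state_message": "{{ctx.watch_id}}",
    }
    return json.dumps(fields)[:-1] + ', "elastic_watcher_payload": ' + PAYLOAD_TAG + " }"


def build_actions(service_api_key, routing_key):
    """Return the "actions" object, rejecting unreplaced or path-unsafe keys."""
    for name, value in (("service_api_key", service_api_key), ("routing_key", routing_key)):
        if not SEGMENT_RE.fullmatch(value):
            raise ValueError(name + " is an unreplaced placeholder or not URL-path safe")
    return {"victorops": {"webhook": {
        "scheme": "https", "host": "alert.victorops.com", "port": 443,
        "method": "post",
        "path": ALERT_PATH.format(key=service_api_key, routing=routing_key),
        "params": {},
        "headers": {"Content-type": "application/json"},
        "body": build_body_template(),
    }}}


def render_for_check(template, ctx):
    """Stand-in for Watcher's rendering, covering only the tags this body uses."""
    out = template.replace(PAYLOAD_TAG, json.dumps(ctx["payload"]))
    for key in ("id", "watch_id"):
        out = out.replace("{{ctx.%s}}" % key, ctx[key])
    return json.loads(out)  # raises ValueError when the rendered body is not JSON


# Constructed sample execution context, not real Watcher output.
SAMPLE_CTX = {"id": "cluster_health_watch_0", "watch_id": "cluster_health_watch",
              "payload": {"status": "green", "number_of_nodes": 1}}
```

Serialize the result of build_actions with json.dumps and place it under "actions" in the watch you send to the watch API.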

You have completed setting up this integration.  If you have any questions, please contact VictorOps support.

Updated on June 19, 2018
