Run a watch

PUT /_watcher/watch/{id}/_execute
Api key auth Basic auth Bearer auth

This API can be used to force execution of the watch outside of its triggering logic or to simulate the watch execution for debugging purposes.

For testing and debugging purposes, you also have fine-grained control on how the watch runs. You can run the watch without running all of its actions or alternatively by simulating them. You can also force execution by ignoring the watch condition and control whether a watch record would be written to the watch history after it runs.

You can use the run watch API to run watches that are not yet registered by specifying the watch definition inline. This serves as great tool for testing and debugging your watches prior to adding them to Watcher.

When Elasticsearch security features are enabled on your cluster, watches are run with the privileges of the user that stored the watches. If your user is allowed to read index a, but not index b, then the exact same set of rules will apply during execution of a watch.

When using the run watch API, the authorization data of the user that called the API will be used as a base, instead of the information who stored the watch.

Path parameters

  • id string Required

    The watch identifier.

Query parameters

  • debug boolean

    Defines whether the watch runs in debug mode.

application/json

Body

  • action_modes object

    Determines how to handle the watch actions as part of the watch execution.

    Hide action_modes attribute Show action_modes attribute object
    • * string Additional properties

      Values are simulate, force_simulate, execute, force_execute, or skip.

  • alternative_input object

    When present, the watch uses this object as a payload instead of executing its own input.

    Hide alternative_input attribute Show alternative_input attribute object
    • * object Additional properties
  • ignore_condition boolean

    When set to true, the watch execution uses the always condition. This can also be specified as an HTTP parameter.

  • record_execution boolean

    When set to true, the watch record representing the watch execution result is persisted to the .watcher-history index for the current time. In addition, the status of the watch is updated, possibly throttling subsequent runs. This can also be specified as an HTTP parameter.

  • simulated_actions object
    Hide simulated_actions attributes Show simulated_actions attributes object
  • trigger_data object
    Hide trigger_data attributes Show trigger_data attributes object

    • scheduled_time string | number Required

      A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.

      One of:
      DateTime string UnitMillis number

      Time unit for milliseconds

    • triggered_time string | number

      A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.

      One of:
      DateTime string UnitMillis number

      Time unit for milliseconds

  • watch object
    Hide watch attributes Show watch attributes object
    • actions object Required
      Hide actions attribute Show actions attribute object
    • condition object Required
      Hide condition attributes Show condition attributes object
      • always object
      • array_compare object
        Hide array_compare attribute Show array_compare attribute object
        • * object Additional properties
          Hide * attribute Show * attribute object
      • compare object
        Hide compare attribute Show compare attribute object
        • * object Additional properties
      • never object
      • script object
        Hide script attributes Show script attributes object

        • lang string

          Any of:
          ScriptLanguage string ScriptLanguage string

          Values are painless, expression, mustache, or java.

        • params object
          Hide params attribute Show params attribute object
          • * object Additional properties

        • source string | object

          One of:
          ScriptSource string SearchRequestBody object
        • id string
    • input object Required
      Hide input attributes Show input attributes object
      • chain object
        Hide chain attribute Show chain attribute object
        • inputs array[object] Required
          Hide inputs attribute Show inputs attribute object
      • http object
        Hide http attributes Show http attributes object
        • extract array[string]
        • request object
          Hide request attributes Show request attributes object
          • auth object
            Hide auth attribute Show auth attribute object
          • body string
          • connection_timeout string

            A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

          • headers object
            Hide headers attribute Show headers attribute object
            • * string Additional properties
          • host string
          • method string

            Values are head, get, post, put, or delete.

          • params object
            Hide params attribute Show params attribute object
            • * string Additional properties
          • path string
          • port number
          • proxy object
            Hide proxy attributes Show proxy attributes object
          • read_timeout string

            A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

          • scheme string

            Values are http or https.

          • url string
        • response_content_type string

          Values are json, yaml, or text.

      • search object
        Hide search attributes Show search attributes object
        • extract array[string]
        • request object Required
          Hide request attributes Show request attributes object
          • body object
            Hide body attribute Show body attribute object
          • indices array[string]
          • indices_options object
            Hide indices_options attributes Show indices_options attributes object
            • allow_no_indices boolean

              If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.

            • expand_wildcards string | array[string]
            • ignore_unavailable boolean

              If true, missing or closed indices are not included in the response.

            • ignore_throttled boolean

              If true, concrete, expanded or aliased indices are ignored when frozen.

          • search_type string

            Values are query_then_fetch or dfs_query_then_fetch.

          • template object
            Hide template attributes Show template attributes object
            • explain boolean
            • id string
            • params object
              Hide params attribute Show params attribute object
              • * object Additional properties
            • profile boolean
            • source string

              An inline search template. Supports the same parameters as the search API's request body. Also supports Mustache variables. If no id is specified, this parameter is required.

          • rest_total_hits_as_int boolean
        • timeout string

          A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

      • simple object
        Hide simple attribute Show simple attribute object
        • * object Additional properties
    • metadata object
      Hide metadata attribute Show metadata attribute object
      • * object Additional properties
    • status object
      Hide status attributes Show status attributes object
    • throttle_period string

      A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

    • throttle_period_in_millis number

      Time unit for milliseconds

    • transform object
      Hide transform attributes Show transform attributes object
      • chain array[object]
      • script object
        Hide script attributes Show script attributes object
        • lang string
        • params object
          Hide params attribute Show params attribute object
          • * object Additional properties

        • source string | object

          One of:
          ScriptSource string SearchRequestBody object
        • id string
      • search object
        Hide search attributes Show search attributes object
        • request object Required
          Hide request attributes Show request attributes object
          • body object
            Hide body attribute Show body attribute object
          • indices array[string]
          • indices_options object
            Hide indices_options attributes Show indices_options attributes object
            • allow_no_indices boolean

              If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.

            • expand_wildcards string | array[string]
            • ignore_unavailable boolean

              If true, missing or closed indices are not included in the response.

            • ignore_throttled boolean

              If true, concrete, expanded or aliased indices are ignored when frozen.

          • search_type string

            Values are query_then_fetch or dfs_query_then_fetch.

          • template object
            Hide template attributes Show template attributes object
            • explain boolean
            • id string
            • params object
              Hide params attribute Show params attribute object
              • * object Additional properties
            • profile boolean
            • source string

              An inline search template. Supports the same parameters as the search API's request body. Also supports Mustache variables. If no id is specified, this parameter is required.

          • rest_total_hits_as_int boolean
        • timeout string Required

          A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

    • trigger object Required
      Hide trigger attribute Show trigger attribute object
      • schedule object
        Hide schedule attributes Show schedule attributes object
        • timezone string
        • cron string
        • daily object
          Hide daily attribute Show daily attribute object
        • hourly object
          Hide hourly attribute Show hourly attribute object
        • interval string

          A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

        • monthly object | array[object]

          One of:
          TimeOfMonth object array-2 array[object]
          Hide attributes Show attributes object
          • at array[string] Required
          • on array[number] Required

        • weekly object | array[object]

          One of:
          TimeOfWeek object array-2 array[object]
          Hide attributes Show attributes object
          • at array[string] Required
          • on array[string] Required

            Values are sunday, monday, tuesday, wednesday, thursday, friday, or saturday.

        • yearly object | array[object]

          One of:
          TimeOfYear object array-2 array[object]
          Hide attributes Show attributes object
          • at array[string] Required
          • int array[string] Required

            Values are january, february, march, april, may, june, july, august, september, october, november, or december.

          • on array[number] Required

Responses

  • 200 application/json
    Hide response attributes Show response attributes object
    • _id string Required
    • watch_record object Required
      Hide watch_record attributes Show watch_record attributes object
      • condition object Required
        Hide condition attributes Show condition attributes object
        • always object
        • array_compare object
          Hide array_compare attribute Show array_compare attribute object
          • * object Additional properties
            Hide * attribute Show * attribute object
        • compare object
          Hide compare attribute Show compare attribute object
          • * object Additional properties
        • never object
        • script object
          Hide script attributes Show script attributes object

          • lang string

            Any of:
            ScriptLanguage string ScriptLanguage string

            Values are painless, expression, mustache, or java.

          • params object
            Hide params attribute Show params attribute object
            • * object Additional properties

          • source string | object

            One of:
            ScriptSource string SearchRequestBody object
          • id string
      • input object Required
        Hide input attributes Show input attributes object
        • chain object
          Hide chain attribute Show chain attribute object
          • inputs array[object] Required
            Hide inputs attribute Show inputs attribute object
        • http object
          Hide http attributes Show http attributes object
          • extract array[string]
          • request object
            Hide request attributes Show request attributes object
            • auth object
              Hide auth attribute Show auth attribute object
            • body string
            • connection_timeout string

              A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

            • headers object
              Hide headers attribute Show headers attribute object
              • * string Additional properties
            • host string
            • method string

              Values are head, get, post, put, or delete.

            • params object
              Hide params attribute Show params attribute object
              • * string Additional properties
            • path string
            • port number
            • proxy object
              Hide proxy attributes Show proxy attributes object
            • read_timeout string

              A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

            • scheme string

              Values are http or https.

            • url string
          • response_content_type string

            Values are json, yaml, or text.

        • search object
          Hide search attributes Show search attributes object
          • extract array[string]
          • request object Required
            Hide request attributes Show request attributes object
            • body object
              Hide body attribute Show body attribute object
              • query object Required

                An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.

            • indices array[string]
            • indices_options object
              Hide indices_options attributes Show indices_options attributes object
              • allow_no_indices boolean

                If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.

              • expand_wildcards string | array[string]
              • ignore_unavailable boolean

                If true, missing or closed indices are not included in the response.

              • ignore_throttled boolean

                If true, concrete, expanded or aliased indices are ignored when frozen.

            • search_type string

              Values are query_then_fetch or dfs_query_then_fetch.

            • template object
              Hide template attributes Show template attributes object
              • explain boolean
              • id string
              • params object
              • profile boolean
              • source string

                An inline search template. Supports the same parameters as the search API's request body. Also supports Mustache variables. If no id is specified, this parameter is required.

            • rest_total_hits_as_int boolean
          • timeout string

            A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

        • simple object
          Hide simple attribute Show simple attribute object
          • * object Additional properties
      • messages array[string] Required
      • metadata object
        Hide metadata attribute Show metadata attribute object
        • * object Additional properties
      • node string Required
      • result object Required
        Hide result attributes Show result attributes object
        • actions array[object] Required
          Hide actions attributes Show actions attributes object
        • condition object Required
          Hide condition attributes Show condition attributes object
          • met boolean Required
          • status string Required

            Values are success, failure, simulated, or throttled.

          • type string Required

            Values are always, never, script, compare, or array_compare.

        • execution_duration number

          Time unit for milliseconds

        • execution_time string | number Required

          A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.

          One of:
          DateTime string UnitMillis number

          Time unit for milliseconds

        • input object Required
          Hide input attributes Show input attributes object
          • payload object Required
            Hide payload attribute Show payload attribute object
            • * object Additional properties
          • status string Required

            Values are success, failure, simulated, or throttled.

          • type string Required

            Values are http, search, or simple.

      • state string Required

        Values are awaits_execution, checking, execution_not_needed, throttled, executed, failed, deleted_while_queued, or not_executed_already_queued.

      • trigger_event object Required
        Hide trigger_event attributes Show trigger_event attributes object
      • user string Required
      • watch_id string Required
      • status object
        Hide status attributes Show status attributes object
PUT /_watcher/watch/{id}/_execute 
curl \
 --request PUT 'http://api.example.com/_watcher/watch/{id}/_execute' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"trigger_data\" : { \n    \"triggered_time\" : \"now\",\n    \"scheduled_time\" : \"now\"\n  },\n  \"alternative_input\" : { \n    \"foo\" : \"bar\"\n  },\n  \"ignore_condition\" : true, \n  \"action_modes\" : {\n    \"my-action\" : \"force_simulate\" \n  },\n  \"record_execution\" : true \n}"'
Request examples
Run `POST _watcher/watch/my_watch/_execute` to run a watch. The input defined in the watch is ignored and the `alternative_input` is used as the payload. The condition as defined by the watch is ignored and is assumed to evaluate to true. The `force_simulate` action forces the simulation of `my-action`. Forcing the simulation means that throttling is ignored and the watch is simulated by Watcher instead of being run normally. 
{
  "trigger_data" : { 
    "triggered_time" : "now",
    "scheduled_time" : "now"
  },
  "alternative_input" : { 
    "foo" : "bar"
  },
  "ignore_condition" : true, 
  "action_modes" : {
    "my-action" : "force_simulate" 
  },
  "record_execution" : true 
}
Run `POST _watcher/watch/my_watch/_execute` and set a different mode for each action. 
{
  "action_modes" : {
    "action1" : "force_simulate",
    "action2" : "skip"
  }
}
Run `POST _watcher/watch/_execute` to run a watch inline. All other settings for this API still apply when inlining a watch. In this example, while the inline watch defines a compare condition, during the execution this condition will be ignored. 
{
  "watch" : {
    "trigger" : { "schedule" : { "interval" : "10s" } },
    "input" : {
      "search" : {
        "request" : {
          "indices" : [ "logs" ],
          "body" : {
            "query" : {
              "match" : { "message": "error" }
            }
          }
        }
      }
    },
    "condition" : {
      "compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
    },
    "actions" : {
      "log_error" : {
        "logging" : {
          "text" : "Found {{ctx.payload.hits.total}} errors in the logs"
        }
      }
    }
  }
}
Response examples (200)
A successful response from `POST _watcher/watch/my_watch/_execute`. 
{
  "_id": "my_watch_0-2015-06-02T23:17:55.124Z", 
  "watch_record": { 
    "@timestamp": "2015-06-02T23:17:55.124Z",
    "watch_id": "my_watch",
    "node": "my_node",
    "messages": [],
    "trigger_event": {
      "type": "manual",
      "triggered_time": "2015-06-02T23:17:55.124Z",
      "manual": {
        "schedule": {
          "scheduled_time": "2015-06-02T23:17:55.124Z"
        }
      }
    },
    "state": "executed",
    "status": {
      "version": 1,
      "execution_state": "executed",
      "state": {
        "active": true,
        "timestamp": "2015-06-02T23:17:55.111Z"
      },
      "last_checked": "2015-06-02T23:17:55.124Z",
      "last_met_condition": "2015-06-02T23:17:55.124Z",
      "actions": {
        "test_index": {
          "ack": {
            "timestamp": "2015-06-02T23:17:55.124Z",
            "state": "ackable"
          },
          "last_execution": {
            "timestamp": "2015-06-02T23:17:55.124Z",
            "successful": true
          },
          "last_successful_execution": {
            "timestamp": "2015-06-02T23:17:55.124Z",
            "successful": true
          }
        }
      }
    },
    "input": {
      "simple": {
        "payload": {
          "send": "yes"
        }
      }
    },
    "condition": {
      "always": {}
    },
    "result": { 
      "execution_time": "2015-06-02T23:17:55.124Z",
      "execution_duration": 12608,
      "input": {
        "type": "simple",
        "payload": {
          "foo": "bar"
        },
        "status": "success"
      },
      "condition": {
        "type": "always",
        "met": true,
        "status": "success"
      },
      "actions": [
        {
          "id": "test_index",
          "index": {
            "response": {
              "index": "test",
              "version": 1,
              "created": true,
              "result": "created",
              "id": "AVSHKzPa9zx62AzUzFXY"
            }
          },
          "status": "success",
          "type": "index"
        }
      ]
    },
    "user": "test_admin" 
  }
}