IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Index action
edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.
Index action
editThe index action type will index a document into Elasticsearch. See also the create index API.
Connector configuration
editIndex connectors have the following configuration properties.
- Name
- The name of the connector. The name is used to identify a connector in the management UI connector listing, or in the connector list when configuring an action.
- Index
- The Elasticsearch index to be written to.
- Refresh
- Setting for the refresh policy for the write request.
- Execution time field
- This field will be automatically set to the time the alert condition was detected.
Preconfigured action type
edit my-index:
name: action-type-index
actionTypeId: .index
config:
index: .kibana
refresh: true
executionTimeField: somedate
Config defines information for the action type.
-
index - A string that corresponds to Index.
-
refresh -
A boolean that corresponds to Refresh. Defaults to
false. -
executionTimeField - A string that corresponds to Execution time field.
Action configuration
editIndex actions have the following properties.
- Document
- The document to index in JSON format.
Example
editExample of the index document for Index Threshold alert:
{
"alert_id": "{{alertId}}",
"alert_name": "{{alertName}}",
"alert_instance_id": "{{alertInstanceId}}",
"context_message": "{{context.message}}"
}
Example of create test index using the API.
PUT test
{
"settings" : {
"number_of_shards" : 1
},
"mappings" : {
"properties" : {
"alert_id" : { "type" : "text" },
"alert_name" : { "type" : "text" },
"alert_instance_id" : { "type" : "text" },
"context_message": { "type" : "text" }
}
}
}