Run a watch | Elasticsearch API documentation (v8)

Run a watch Generally available

POST /_watcher/watch/{id}/_execute

This API can be used to force execution of the watch outside of its triggering logic or to simulate the watch execution for debugging purposes.

For testing and debugging purposes, you also have fine-grained control on how the watch runs. You can run the watch without running all of its actions or alternatively by simulating them. You can also force execution by ignoring the watch condition and control whether a watch record would be written to the watch history after it runs.

You can use the run watch API to run watches that are not yet registered by specifying the watch definition inline. This serves as great tool for testing and debugging your watches prior to adding them to Watcher.

When Elasticsearch security features are enabled on your cluster, watches are run with the privileges of the user that stored the watches. If your user is allowed to read index a, but not index b, then the exact same set of rules will apply during execution of a watch.

When using the run watch API, the authorization data of the user that called the API will be used as a base, instead of the information who stored the watch.

Required authorization

Cluster privileges: manage_watcher

Path parameters

id string Required

The watch identifier.

Query parameters

debug boolean

Defines whether the watch runs in debug mode.

application/json

Body

action_modes object

Determines how to handle the watch actions as part of the watch execution.
Hide action_modes attribute Show action_modes attribute object
- * string Additional properties
  
  Values are simulate, force_simulate, execute, force_execute, or skip.
alternative_input object

When present, the watch uses this object as a payload instead of executing its own input.
Hide alternative_input attribute Show alternative_input attribute object
- * object Additional properties
ignore_condition boolean

When set to true, the watch execution uses the always condition. This can also be specified as an HTTP parameter.
record_execution boolean

When set to true, the watch record representing the watch execution result is persisted to the .watcher-history index for the current time. In addition, the status of the watch is updated, possibly throttling subsequent runs. This can also be specified as an HTTP parameter.
simulated_actions object
Hide simulated_actions attributes Show simulated_actions attributes object
- actions array[string] Required
- all object Required
- use_all boolean Required
trigger_data object
Hide trigger_data attributes Show trigger_data attributes object
- scheduled_time string | number Required
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  Time unit for milliseconds
- triggered_time string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  Time unit for milliseconds
watch object
Hide watch attributes Show watch attributes object
- actions object Required
  Hide actions attribute Show actions attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  action_type string
  
  Values are email, webhook, index, logging, slack, or pagerduty.
  
  condition object
  
  Hide condition attributes Show condition attributes object
  
  always object
  
  array_compare object
  
  Hide array_compare attribute Show array_compare attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  path string Required
  
  compare object
  
  Hide compare attribute Show compare attribute object
  
  * object Additional properties
  
  never object
  
  script object
  
  Hide script attributes Show script attributes object
  
  lang string
  
  params object
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  source string
  
  id string
  
  foreach string
  
  max_iterations number
  
  name string
  
  throttle_period string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  throttle_period_in_millis number
  
  Time unit for milliseconds
  
  transform object
  
  Hide transform attributes Show transform attributes object
  
  chain array[object]
  
  script object
  
  Hide script attributes Show script attributes object
  
  lang string
  
  params object
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  source string
  
  id string
  
  search object
  
  Hide search attributes Show search attributes object
  
  request object Required
  
  Hide request attributes Show request attributes object
  
  body object
  
  indices array[string]
  
  indices_options object
  
  Controls how to deal with unavailable concrete indices (closed or missing), how wildcard expressions are expanded to actual indices (all, closed or open indices) and how to deal with wildcard expressions that resolve to no indices.
  
  search_type string
  
  Values are query_then_fetch or dfs_query_then_fetch.
  
  template object
  
  rest_total_hits_as_int boolean
  
  timeout string Required
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  index object
  
  Hide index attributes Show index attributes object
  
  index string Required
  
  doc_id string
  
  refresh string
  
  Values are true, false, or wait_for.
  
  op_type string
  
  Values are index or create.
  
  timeout string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  execution_time_field string
  
  Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
  
  logging object
  
  Hide logging attributes Show logging attributes object
  
  level string
  
  text string Required
  
  category string
  
  email object
  
  Hide email attributes Show email attributes object
  
  id string
  
  bcc string | array[string]
  
  One of:
  string-1 string array-2 array[string]
  
  body object
  
  Hide body attributes Show body attributes object
  
  html string
  
  text string
  
  cc string | array[string]
  
  One of:
  string-1 string array-2 array[string]
  
  from string
  
  priority string
  
  Values are lowest, low, normal, high, or highest.
  
  reply_to string | array[string]
  
  One of:
  string-1 string array-2 array[string]
  
  sent_date string
  
  subject string Required
  
  to string | array[string] Required
  
  One of:
  string-1 string array-2 array[string]
  
  attachments object
  
  Hide attachments attribute Show attachments attribute object
  
  * object Additional properties
  
  pagerduty object
  
  Hide pagerduty attributes Show pagerduty attributes object
  
  account string
  
  attach_payload boolean Required
  
  client string
  
  client_url string
  
  contexts array[object]
  
  description string Required
  
  event_type string
  
  Values are trigger, resolve, or acknowledge.
  
  incident_key string Required
  
  proxy object
  
  Hide proxy attributes Show proxy attributes object
  
  host string
  
  port number
  
  slack object
  
  Hide slack attributes Show slack attributes object
  
  account string
  
  message object Required
  
  Hide message attributes Show message attributes object
  
  attachments array[object] Required
  
  dynamic_attachments object
  
  Hide dynamic_attachments attributes Show dynamic_attachments attributes object
  
  attachment_template object Required
  
  list_path string Required
  
  from string Required
  
  icon string
  
  text string Required
  
  to array[string] Required
  
  webhook object
  
  Hide webhook attributes Show webhook attributes object
  
  auth object
  
  Hide auth attribute Show auth attribute object
  
  basic object Required
  
  body string
  
  connection_timeout string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  headers object
  
  Hide headers attribute Show headers attribute object
  
  * string Additional properties
  
  host string
  
  method string
  
  Values are head, get, post, put, or delete.
  
  params object
  
  Hide params attribute Show params attribute object
  
  * string Additional properties
  
  path string
  
  port number
  
  proxy object
  
  Hide proxy attributes Show proxy attributes object
  
  host string Required
  
  port number Required
  
  read_timeout string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  scheme string
  
  Values are http or https.
  
  url string
- condition object Required
  Hide condition attributes Show condition attributes object
  
  always object
  
  array_compare object
  
  Hide array_compare attribute Show array_compare attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  path string Required
  
  compare object
  
  Hide compare attribute Show compare attribute object
  
  * object Additional properties
  
  never object
  
  script object
  
  Hide script attributes Show script attributes object
  
  lang string
  
  params object
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  source string
  
  id string
- input object Required
  Hide input attributes Show input attributes object
  
  chain object
  
  Hide chain attribute Show chain attribute object
  
  inputs array[object] Required
  
  Hide inputs attribute Show inputs attribute object
  
  * object
  
  http object
  
  Hide http attributes Show http attributes object
  
  extract array[string]
  
  request object
  
  Hide request attributes Show request attributes object
  
  auth object
  
  Hide auth attribute Show auth attribute object
  
  basic object Required
  
  Hide basic attributes Show basic attributes object
  
  password string Required
  
  username string Required
  
  body string
  
  connection_timeout string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  headers object
  
  Hide headers attribute Show headers attribute object
  
  * string Additional properties
  
  host string
  
  method string
  
  Values are head, get, post, put, or delete.
  
  params object
  
  Hide params attribute Show params attribute object
  
  * string Additional properties
  
  path string
  
  port number
  
  proxy object
  
  Hide proxy attributes Show proxy attributes object
  
  host string Required
  
  port number Required
  
  read_timeout string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  scheme string
  
  Values are http or https.
  
  url string
  
  response_content_type string
  
  Values are json, yaml, or text.
  
  search object
  
  Hide search attributes Show search attributes object
  
  extract array[string]
  
  request object Required
  
  Hide request attributes Show request attributes object
  
  body object
  
  Hide body attribute Show body attribute object
  
  query object Required
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  indices array[string]
  
  indices_options object
  
  Controls how to deal with unavailable concrete indices (closed or missing), how wildcard expressions are expanded to actual indices (all, closed or open indices) and how to deal with wildcard expressions that resolve to no indices.
  
  Hide indices_options attributes Show indices_options attributes object
  
  allow_no_indices boolean
  
  If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.
  
  expand_wildcards string | array[string]
  
  ignore_unavailable boolean
  
  If true, missing or closed indices are not included in the response.
  
  ignore_throttled boolean
  
  If true, concrete, expanded or aliased indices are ignored when frozen.
  
  search_type string
  
  Values are query_then_fetch or dfs_query_then_fetch.
  
  template object
  
  Hide template attributes Show template attributes object
  
  explain boolean
  
  id string
  
  params object
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  profile boolean
  
  source string
  
  An inline search template. Supports the same parameters as the search API's request body. Also supports Mustache variables. If no id is specified, this parameter is required.
  
  rest_total_hits_as_int boolean
  
  timeout string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  simple object
  
  Hide simple attribute Show simple attribute object
  
  * object Additional properties
- metadata object
  Hide metadata attribute Show metadata attribute object
  
  * object Additional properties
- status object
  Hide status attributes Show status attributes object
  
  actions object Required
  
  Hide actions attribute Show actions attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  ack object Required
  
  Hide ack attributes Show ack attributes object
  
  state string Required
  
  Values are awaits_successful_execution, ackable, or acked.
  
  timestamp string
  
  last_execution object
  
  Hide last_execution attributes Show last_execution attributes object
  
  successful boolean Required
  
  timestamp string
  
  reason string
  
  last_successful_execution object
  
  Hide last_successful_execution attributes Show last_successful_execution attributes object
  
  successful boolean Required
  
  timestamp string
  
  reason string
  
  last_throttle object
  
  Hide last_throttle attributes Show last_throttle attributes object
  
  reason string Required
  
  timestamp string
  
  last_checked string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  Time unit for milliseconds
  
  last_met_condition string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  Time unit for milliseconds
  
  state object Required
  
  Hide state attributes Show state attributes object
  
  active boolean Required
  
  timestamp string | number Required
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  Time unit for milliseconds
  
  version number Required
  
  execution_state string
- throttle_period string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- throttle_period_in_millis number
  
  Time unit for milliseconds
- transform object
  Hide transform attributes Show transform attributes object
  
  chain array[object]
  
  script object
  
  Hide script attributes Show script attributes object
  
  lang string
  
  params object
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  source string
  
  id string
  
  search object
  
  Hide search attributes Show search attributes object
  
  request object Required
  
  Hide request attributes Show request attributes object
  
  body object
  
  Hide body attribute Show body attribute object
  
  query object Required
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  External documentation
  
  indices array[string]
  
  indices_options object
  
  Controls how to deal with unavailable concrete indices (closed or missing), how wildcard expressions are expanded to actual indices (all, closed or open indices) and how to deal with wildcard expressions that resolve to no indices.
  
  Hide indices_options attributes Show indices_options attributes object
  
  allow_no_indices boolean
  
  If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.
  
  expand_wildcards string | array[string]
  
  ignore_unavailable boolean
  
  If true, missing or closed indices are not included in the response.
  
  ignore_throttled boolean
  
  If true, concrete, expanded or aliased indices are ignored when frozen.
  
  search_type string
  
  Values are query_then_fetch or dfs_query_then_fetch.
  
  template object
  
  Hide template attributes Show template attributes object
  
  explain boolean
  
  id string
  
  params object
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  profile boolean
  
  source string
  
  An inline search template. Supports the same parameters as the search API's request body. Also supports Mustache variables. If no id is specified, this parameter is required.
  
  rest_total_hits_as_int boolean
  
  timeout string Required
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
- trigger object Required
  Hide trigger attribute Show trigger attribute object
  
  schedule object
  
  Hide schedule attributes Show schedule attributes object
  
  timezone string
  
  cron string
  
  daily object
  
  Hide daily attribute Show daily attribute object
  
  at array[string | object] Required
  
  A time of day, expressed either as hh:mm, noon, midnight, or an hour/minutes structure.
  
  A time of day, expressed either as hh:mm, noon, midnight, or an hour/minutes structure.
  
  One of:
  ScheduleTimeOfDay string HourAndMinute object
  
  hourly object
  
  Hide hourly attribute Show hourly attribute object
  
  minute array[number] Required
  
  interval string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  monthly object | array[object]
  
  One of:
  TimeOfMonth object array-2 array[object]
  
  Hide attributes Show attributes object
  
  at array[string] Required
  
  on array[number] Required
  
  weekly object | array[object]
  
  One of:
  TimeOfWeek object array-2 array[object]
  
  Hide attributes Show attributes object
  
  at array[string] Required
  
  on array[string] Required
  
  Values are sunday, monday, tuesday, wednesday, thursday, friday, or saturday.
  
  yearly object | array[object]
  
  One of:
  TimeOfYear object array-2 array[object]
  
  Hide attributes Show attributes
  
  at array[string] Required
  
  int array[string] Required
  
  Values are january, february, march, april, may, june, july, august, september, october, november, or december.
  
  on array[number] Required
  
  Hide attributes Show attributes object
  
  at array[string] Required
  
  int array[string] Required
  
  Values are january, february, march, april, may, june, july, august, september, october, november, or december.
  
  on array[number] Required

Responses

200 application/json
Hide response attributes Show response attributes object
- _id string Required
- watch_record object Required
  
  Hide watch_record attributes Show watch_record attributes object
  
  condition object Required
  
  Hide condition attributes Show condition attributes object
  
  always object
  
  array_compare object
  
  Hide array_compare attribute Show array_compare attribute object
  
  * object Additional properties
  
  Hide * attribute Show * attribute object
  
  path string Required
  
  compare object
  
  Hide compare attribute Show compare attribute object
  
  * object Additional properties
  
  never object
  
  script object
  
  Hide script attributes Show script attributes object
  
  lang string
  
  params object
  
  Hide params attribute Show params attribute object
  
  * object Additional properties
  
  source string
  
  id string
  
  input object Required
  
  Hide input attributes Show input attributes object
  
  chain object
  
  Hide chain attribute Show chain attribute object
  
  inputs array[object] Required
  
  Hide inputs attribute Show inputs attribute object
  
  * object
  
  http object
  
  Hide http attributes Show http attributes object
  
  extract array[string]
  
  request object
  
  Hide request attributes Show request attributes object
  
  auth object
  
  Hide auth attribute Show auth attribute object
  
  basic object Required
  
  body string
  
  connection_timeout string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  headers object
  
  Hide headers attribute Show headers attribute object
  
  * string Additional properties
  
  host string
  
  method string
  
  Values are head, get, post, put, or delete.
  
  params object
  
  Hide params attribute Show params attribute object
  
  * string Additional properties
  
  path string
  
  port number
  
  proxy object
  
  Hide proxy attributes Show proxy attributes object
  
  host string Required
  
  port number Required
  
  read_timeout string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  scheme string
  
  Values are http or https.
  
  url string
  
  response_content_type string
  
  Values are json, yaml, or text.
  
  search object
  
  Hide search attributes Show search attributes object
  
  extract array[string]
  
  request object Required
  
  Hide request attributes Show request attributes object
  
  body object
  
  Hide body attribute Show body attribute object
  
  query object Required
  
  An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
  
  indices array[string]
  
  indices_options object
  
  Controls how to deal with unavailable concrete indices (closed or missing), how wildcard expressions are expanded to actual indices (all, closed or open indices) and how to deal with wildcard expressions that resolve to no indices.
  
  Hide indices_options attributes Show indices_options attributes object
  
  allow_no_indices boolean
  
  If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.
  
  expand_wildcards string | array[string]
  
  ignore_unavailable boolean
  
  If true, missing or closed indices are not included in the response.
  
  ignore_throttled boolean
  
  If true, concrete, expanded or aliased indices are ignored when frozen.
  
  search_type string
  
  Values are query_then_fetch or dfs_query_then_fetch.
  
  template object
  
  Hide template attributes Show template attributes object
  
  explain boolean
  
  id string
  
  params object
  
  profile boolean
  
  source string
  
  An inline search template. Supports the same parameters as the search API's request body. Also supports Mustache variables. If no id is specified, this parameter is required.
  
  rest_total_hits_as_int boolean
  
  timeout string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  simple object
  
  Hide simple attribute Show simple attribute object
  
  * object Additional properties
  
  messages array[string] Required
  
  metadata object
  
  Hide metadata attribute Show metadata attribute object
  
  * object Additional properties
  
  node string Required
  
  result object Required
  
  Hide result attributes Show result attributes object
  
  actions array[object] Required
  
  Hide actions attributes Show actions attributes object
  
  email object
  
  Hide email attributes Show email attributes object
  
  account string
  
  message object Required
  
  reason string
  
  id string Required
  
  index object
  
  Hide index attribute Show index attribute object
  
  response object Required
  
  logging object
  
  Hide logging attribute Show logging attribute object
  
  logged_text string Required
  
  pagerduty object
  
  Hide pagerduty attributes Show pagerduty attributes object
  
  event object Required
  
  reason string
  
  request
  
  response object
  
  reason string
  
  slack object
  
  Hide slack attributes Show slack attributes object
  
  account string
  
  message object Required
  
  status string Required
  
  Values are success, failure, simulated, or throttled.
  
  type string Required
  
  Values are email, webhook, index, logging, slack, or pagerduty.
  
  webhook object
  
  Hide webhook attributes Show webhook attributes object
  
  request
  
  response object
  
  error object
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  Hide error attributes Show error attributes object
  
  type string Required
  
  The type of error
  
  reason
  
  stack_trace string
  
  The server stack trace. Present only if the error_trace=true parameter was sent with the request.
  
  caused_by object
  
  Cause and details about a request failure. This class defines the properties common to all error types. Additional details are also provided, that depend on the error type.
  
  root_cause array[object]
  
  suppressed array[object]
  
  condition object Required
  
  Hide condition attributes Show condition attributes object
  
  met boolean Required
  
  status string Required
  
  Values are success, failure, simulated, or throttled.
  
  type string Required
  
  Values are always, never, script, compare, or array_compare.
  
  execution_duration number
  
  Time unit for milliseconds
  
  execution_time string | number Required
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  Time unit for milliseconds
  
  input object Required
  
  Hide input attributes Show input attributes object
  
  payload object Required
  
  Hide payload attribute Show payload attribute object
  
  * object Additional properties
  
  status string Required
  
  Values are success, failure, simulated, or throttled.
  
  type string Required
  
  Values are http, search, or simple.
  
  state string Required
  
  Values are awaits_execution, checking, execution_not_needed, throttled, executed, failed, deleted_while_queued, or not_executed_already_queued.
  
  trigger_event object Required
  
  Hide trigger_event attributes Show trigger_event attributes object
  
  manual object Required
  
  Hide manual attribute Show manual attribute object
  
  schedule object
  
  Hide schedule attributes Show schedule attributes object
  
  scheduled_time string
  
  triggered_time string
  
  triggered_time string | number Required
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  Time unit for milliseconds
  
  type string Required
  
  user string Required
  
  watch_id string Required
  
  status object
  
  Hide status attributes Show status attributes object
  
  actions object Required
  
  Hide actions attribute Show actions attribute object
  
  * object Additional properties
  
  Hide * attributes Show * attributes object
  
  ack object Required
  
  Hide ack attributes Show ack attributes object
  
  state string Required
  
  Values are awaits_successful_execution, ackable, or acked.
  
  timestamp
  
  last_execution object
  
  Hide last_execution attributes Show last_execution attributes object
  
  successful boolean Required
  
  timestamp
  
  reason string
  
  last_successful_execution object
  
  Hide last_successful_execution attributes Show last_successful_execution attributes object
  
  successful boolean Required
  
  timestamp
  
  reason string
  
  last_throttle object
  
  Hide last_throttle attributes Show last_throttle attributes object
  
  reason string Required
  
  timestamp
  
  last_checked string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  Time unit for milliseconds
  
  last_met_condition string | number
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  Time unit for milliseconds
  
  state object Required
  
  Hide state attributes Show state attributes object
  
  active boolean Required
  
  timestamp string | number Required
  
  A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.
  
  One of:
  DateTime string UnitMillis number
  
  Time unit for milliseconds
  
  version number Required
  
  execution_state string

POST /_watcher/watch/{id}/_execute

curl \
 --request POST 'http://api.example.com/_watcher/watch/{id}/_execute' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '"{\n  \"trigger_data\" : { \n    \"triggered_time\" : \"now\",\n    \"scheduled_time\" : \"now\"\n  },\n  \"alternative_input\" : { \n    \"foo\" : \"bar\"\n  },\n  \"ignore_condition\" : true, \n  \"action_modes\" : {\n    \"my-action\" : \"force_simulate\" \n  },\n  \"record_execution\" : true \n}"'

Request examples

Run `POST _watcher/watch/my_watch/_execute` to run a watch. The input defined in the watch is ignored and the `alternative_input` is used as the payload. The condition as defined by the watch is ignored and is assumed to evaluate to true. The `force_simulate` action forces the simulation of `my-action`. Forcing the simulation means that throttling is ignored and the watch is simulated by Watcher instead of being run normally.

{
  "trigger_data" : { 
    "triggered_time" : "now",
    "scheduled_time" : "now"
  },
  "alternative_input" : { 
    "foo" : "bar"
  },
  "ignore_condition" : true, 
  "action_modes" : {
    "my-action" : "force_simulate" 
  },
  "record_execution" : true 
}

Run `POST _watcher/watch/my_watch/_execute` and set a different mode for each action.

{
  "action_modes" : {
    "action1" : "force_simulate",
    "action2" : "skip"
  }
}

Run `POST _watcher/watch/_execute` to run a watch inline. All other settings for this API still apply when inlining a watch. In this example, while the inline watch defines a compare condition, during the execution this condition will be ignored.

{
  "watch" : {
    "trigger" : { "schedule" : { "interval" : "10s" } },
    "input" : {
      "search" : {
        "request" : {
          "indices" : [ "logs" ],
          "body" : {
            "query" : {
              "match" : { "message": "error" }
            }
          }
        }
      }
    },
    "condition" : {
      "compare" : { "ctx.payload.hits.total" : { "gt" : 0 }}
    },
    "actions" : {
      "log_error" : {
        "logging" : {
          "text" : "Found {{ctx.payload.hits.total}} errors in the logs"
        }
      }
    }
  }
}

Response examples (200)

A successful response from `POST _watcher/watch/my_watch/_execute`.

{
  "_id": "my_watch_0-2015-06-02T23:17:55.124Z", 
  "watch_record": { 
    "@timestamp": "2015-06-02T23:17:55.124Z",
    "watch_id": "my_watch",
    "node": "my_node",
    "messages": [],
    "trigger_event": {
      "type": "manual",
      "triggered_time": "2015-06-02T23:17:55.124Z",
      "manual": {
        "schedule": {
          "scheduled_time": "2015-06-02T23:17:55.124Z"
        }
      }
    },
    "state": "executed",
    "status": {
      "version": 1,
      "execution_state": "executed",
      "state": {
        "active": true,
        "timestamp": "2015-06-02T23:17:55.111Z"
      },
      "last_checked": "2015-06-02T23:17:55.124Z",
      "last_met_condition": "2015-06-02T23:17:55.124Z",
      "actions": {
        "test_index": {
          "ack": {
            "timestamp": "2015-06-02T23:17:55.124Z",
            "state": "ackable"
          },
          "last_execution": {
            "timestamp": "2015-06-02T23:17:55.124Z",
            "successful": true
          },
          "last_successful_execution": {
            "timestamp": "2015-06-02T23:17:55.124Z",
            "successful": true
          }
        }
      }
    },
    "input": {
      "simple": {
        "payload": {
          "send": "yes"
        }
      }
    },
    "condition": {
      "always": {}
    },
    "result": { 
      "execution_time": "2015-06-02T23:17:55.124Z",
      "execution_duration": 12608,
      "input": {
        "type": "simple",
        "payload": {
          "foo": "bar"
        },
        "status": "success"
      },
      "condition": {
        "type": "always",
        "met": true,
        "status": "success"
      },
      "actions": [
        {
          "id": "test_index",
          "index": {
            "response": {
              "index": "test",
              "version": 1,
              "created": true,
              "result": "created",
              "id": "AVSHKzPa9zx62AzUzFXY"
            }
          },
          "status": "success",
          "type": "index"
        }
      ]
    },
    "user": "test_admin" 
  }
}

Run a watch Generally available

Required authorization

Path parameters

Query parameters

Body

scheduled_time string | number Required

triggered_time string | number

bcc string | array[string]

cc string | array[string]

reply_to string | array[string]

to string | array[string] Required

last_checked string | number

last_met_condition string | number

timestamp string | number Required

monthly object | array[object]

weekly object | array[object]

yearly object | array[object]

Responses

execution_time string | number Required

triggered_time string | number Required

last_checked string | number

last_met_condition string | number

timestamp string | number Required