Unable to give condition to watcher for elasticsearch?

Question

I installed watcher and giving the condition. While giving the condition its giving me error that...

{"error":"WatcherException[failed to put watch [log_error_watch]]; nested: ScriptConditionValidationException[failed to compile script [return ctx.payload.hits.total > 5] with lang [groovy] of type [INLINE]]; nested: ScriptException[dynamic scripting for [groovy] disabled]; ","status":500}

What is dynamic scripting? Its giving me error that it is disabled. My condition to the watcher is as follows.

curl -XPUT 'http://localhost:9200/_watcher/watch/log_error_watch' -d '{
  "metadata" : { 
    "color" : "red"
  },
  "trigger" : { 
    "schedule" : {
      "interval" : "10s"
    }
  },
  "input" : { 
    "search" : {
      "request" : {
        "search_type" : "count",
        "indices" : "logs",
        "body" : {
          "query" : { "match" : { "status" : "error" } }
        }
      }
    }
  },
  "condition" : { 
    "script" : "return ctx.payload.hits.total > 5"
  },
  "transform" : { 
    "search" : {
        "request" : {
          "indices" : "logs",
          "body" : {
            "query" : { "match" : { "status" : "error" } }
          }
        }
    }
  },
  "actions" : { 
    "my_webhook" : {
      "webhook" : {
        "method" : "GET",
        "host" : "mylisteninghost",
        "port" : 9200,
        "path" : "/{{watch_id}}",
        "body" : "Encountered {{ctx.payload.hits.total}} errors"
      }
    },
    "email_administrator" : {
      "email" : {
        "to" : "[email protected]",
        "subject" : "Encountered {{ctx.payload.hits.total}} errors",
        "body" : "Too many error in the system, see attached data",
        "attach_data" : true,
        "priority" : "high"
      }
    }
  }
}'

Answer 1

You need to enable dynamic scripting in Elasticsearch: https://www.elastic.co/guide/en/watcher/current/condition.html#condition-script

A watch condition that evaluates a script. The default scripting language is groovy. You can use any of the scripting languages supported by Elasticsearch as long as the language supports evaluating expressions to Boolean values. Note that the mustache and expression languages are too limited to be used by this condition. For more information, see Scripting in the Elasticsearch Reference.

Important

You must explicitly enable dynamic scripts in elasticsearch.yml to use inline or indexed scripts.

And actually enabling dynamic scripting: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-scripting.html#enable-dynamic-scripting

Answer 2

@andrei is right about how to enable dynamic scripting in Elasticsearch, and I was about to paste the same link.

However, based on the condition you specified, it looks like you don't actually need to use scripting at all! Watcher has a compare condition, which looks like a perfect fit:

https://www.elastic.co/guide/en/watcher/current/condition.html#condition-compare

In your case, the condition would look like this:

    {
  ...

  "condition" : {
    "compare" : {
      "ctx.payload.hits.total" : { 
        "gte" : 5 
      }
  }
  ...
}