ELK配置watcher

watcher的配置可參照：https://kibana.logstash.es/content/elasticsearch/other/watcher.html

• SearchPhaseExecutionException[all shards failed]; nested: [Field data loading is forbidden on [filename]]; nested: IllegalStateException[Field data loading is forbidden on [filename]];

按照指南中操做後，transform中的查詢會觸發該錯誤，將字段名後追加.raw便可。該例中：filename =》 filename.raw

• Likely root cause: expected '<document start>', but found BlockMappingStart

watcher的郵件配置請參照【https://www.elastic.co/guide/en/watcher/2.4/email-services.html】,追加到elasticsearch.yml文件後，watcher前必須加空格，不然啓動elasticsearch將出錯。

watcher.actions.email.service.account:
    work:
        profile: gmail
        email_defaults:
            from: 'John Doe <john.doe@host.domain>'
            bcc: archive@host.domain
        smtp:
            auth: true
            starttls.enable: true
            host: smtp.gmail.com
            port: 587
            user: <username>
            password: <password>

• 　　watcher相關的api

## 查看watcher列表

GET .watches/_search

{

        "fields" : [], 

        "query" : {"match_all" : { } }

}

## 查看watcher

GET _watcher/watch/ftp_file_status

## 取消激活watcher

PUT _watcher/watch/ftp_file_status/_deactivate

## 刪除watcher

DELETE _watcher/watch/ftp_status