Wikis

Watcher Actions

2 min read

Watcher Actions

Watcher actions are the side effects Elasticsearch executes after a watch condition evaluates to true.

Overview

In Watcher, a watch does not stop at detecting a condition. It can also execute one or more actions, such as sending a notification or calling an external system. The Jira action is one example: when the watch fires, Elasticsearch can create a Jira issue using the fields supplied in the action definition.

Actions run from the watch definition’s actions block. Each action has its own configuration and can use the watch execution context, including templated values like {{ctx.payload...}}.

Key Facts

  • Watcher actions turn detection logic into operational follow-through — not just observation
  • The Jira action is used to create issues in Atlassian Jira Software from a watch
  • Action-specific configuration lives under the action type keyword, such as jira
  • Templated values from the watch context can be used in Jira fields like summary and description
  • Jira account configuration is external to the watch itself and lives in elasticsearch.yml

Why This Matters

The Elastic Stack overview in this wiki currently emphasizes ingest, storage, and visualization. Watcher actions add a different dimension: Elasticsearch can also participate in alerting workflows that create tickets or notify external systems.

This is an integration surface, not a core storage feature. It belongs conceptually closer to alerting and operational automation than to indexing or search.

Jira-Specific Constraints

  • A Jira account must be configured before the action can work
  • The issue still needs required Jira fields, especially project, issue type, and summary
  • Custom fields are supported because the action passes issue fields through to Jira’s Create Issue API
  • Secure settings are preferred for Jira credentials; plain-text configuration is deprecated

See Also

Graph View

Backlinks