Advanced Watch

Click on the Create New Watch button and choose the Advanced Watch option. This brings up the Advanced Watch UI.

Specify the watch ID and watch name, paste the watch JSON into the Watch JSON box, and click on Save to create the watch. Watch ID is the identifier Elasticsearch uses for the watch, whereas name is a more user-friendly way to identify it:

The Simulate tab provides a UI to override parts of the watch and then run a simulation of it.

Watch Name will be stored in the metadata section of the watch body. You can use the metadata section when creating the watch to store custom metadata, tags, or information to represent/identify a watch.
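A watch body of the kind that can be pasted into the Watch JSON box is sketched below. It is an added example, not the book's own watch. The index pattern, field names, interval, and threshold are assumptions, and the metadata section carries custom tags alongside the name that the UI stores there:

```json
{
  "metadata": {
    "note": "constructed example: index pattern, field names and threshold are assumptions",
    "tags": ["logs", "errors"]
  },
  "trigger": {
    "schedule": { "interval": "1m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["logstash-*"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "match": { "message": "error" } },
                { "range": { "@timestamp": { "gte": "now-5m" } } }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 0 } }
  },
  "throttle_period": "5m",
  "actions": {
    "log_errors": {
      "logging": {
        "level": "warn",
        "text": "Watch {{ctx.watch_id}}: {{ctx.payload.hits.total}} errored log entries in the last 5 minutes"
      }
    }
  }
}
```

The throttle_period keeps the logging action from firing on every one-minute run while the condition stays true.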

Clicking on Save stores the watch in the .watches index. You can verify that it was saved with the following query:

curl -u elastic:elastic -XGET "http://localhost:9200/.watches/_search?q=metadata.name:errored_logs_watch"

Since we have configured logging as the action, when the alert is triggered, the same can be seen in elasticsearch.log:
