How to Extract/Download Elasticsearch Watchers
If you use the Elastic Stack for security and/or monitoring, you have surely heard of Watcher, even if you have not used it yourself.
Watcher is an Elasticsearch feature that you can use to create actions based on conditions, which are periodically evaluated using queries on your data. Watches are helpful for analyzing mission-critical and business-critical streaming data. For example, you might watch application logs for performance outages or audit access logs for security threats.
Watcher is a very powerful tool from Elastic, but it has some limitations. In this blog post we are going to focus on one of them.
Unlike other objects, watchers have no Import/Export option. Here's a workaround.
We can use API requests to GET a watcher.
But we can't retrieve the whole list of watchers in a single call!
The workaround is to loop over the list. For that, we have this basic script: you put the full list of watchers into it and it calls each of them in turn.
code is here
You can copy the output from the command line, or write the output directly into a txt file.
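One way to write the loop described above, as an added example (not the original post's script): it calls the Get Watch API once per ID and keeps only the `watch` definition from each response. The watch IDs and the `ES_URL` / `ES_API_KEY` environment variables are assumptions; when `ES_URL` is not set, it runs on a constructed sample response instead of a cluster.

```python
import json
import os
import sys
import urllib.error
import urllib.parse
import urllib.request

# Constructed watch IDs (assumption); list the IDs from your own cluster here.
WATCH_IDS = ["failed-logins-watch", "cpu-usage-watch"]

# Constructed Get Watch response, used only when ES_URL is not set (offline demo).
SAMPLE = {"failed-logins-watch": {
    "found": True, "_id": "failed-logins-watch", "_version": 3,
    "status": {"state": {"active": True}},
    "watch": {"trigger": {"schedule": {"interval": "5m"}}}}}

def watch_url(base_url, watch_id):
    """Build the Get Watch API URL, percent-encoding the ID."""
    return base_url.rstrip("/") + "/_watcher/watch/" + urllib.parse.quote(watch_id, safe="")

def fetch_watch(base_url, watch_id, api_key):
    """GET one watch; certificate verification stays on (urllib default)."""
    req = urllib.request.Request(watch_url(base_url, watch_id),
                                 headers={"Authorization": "ApiKey " + api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:  # Elasticsearch answers 404 for an unknown watch ID
            return {"found": False, "_id": watch_id}
        raise

def export_watches(watch_ids, fetch):
    """Return {id: definition}; unknown IDs are reported on stderr and skipped."""
    exported = {}
    for watch_id in watch_ids:
        doc = fetch(watch_id)
        if not doc.get("found"):
            print("watch not found: " + watch_id, file=sys.stderr)
            continue
        # Keep only the definition; _version and status are per-cluster state.
        exported[watch_id] = doc["watch"]
    return exported

if __name__ == "__main__":
    base, key = os.environ.get("ES_URL"), os.environ.get("ES_API_KEY", "")
    live = lambda wid: fetch_watch(base, wid, key)       # real cluster
    offline = lambda wid: SAMPLE.get(wid, {"found": False})  # constructed data
    json.dump(export_watches(WATCH_IDS, live if base else offline), sys.stdout, indent=2)
```

Redirect standard output to save the export, for example `python export_watchers.py > watchers.txt` (the script name is an assumption). Passwords stored inside a watch come back from the Get Watch API as `::es_redacted::`, so they have to be supplied again when the watch is recreated elsewhere.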
Enjoy ^^