[Watcher] Conditional Criteria and Actions Through a Watcher UI

[elasticmachine]

Original comment by @alexfrancoeur:

After speaking to a number of users at Elastic{ON} I noticed that there was a common request to create more conditional alerts. The features I list below are common across products like APM. I imagine our APM team will eventually need a UI to create and edit such watches.

Users would like to define a single watch through a UI that allow for conditional criteria and multiple actions like this:

If [field1] is greater than threshold X and [field2] is less than threshold Y over the last 15 minutes mark as warning and `send email to EMAIL REDACTED

If [field] is greater than threshold Y and [field2] is less than threshold Y over the last 60 minutes mark as severe and send slack to #opschannel

Ideally, this would not be limited to thresholds but also the ability to conditionally check if a value is in (or not in) a specific document. IE, if X number of documents contain 404 as a response code, send warning alert.

cc: @skearns64 @makwarth

[elasticmachine]

Original comment by @pickypg:

Just to be clear, conditions can be applied to the overall watch (required) as well as individual actions (optional).

[elasticmachine]

Original comment by @chrisronline:

This sounds great @alexfrancoeur. I'm excited to start adding more to this experience and glad to see we've been collecting some user feedback!

[elasticmachine]

Pinging @elastic/es-ui

[elasticmachine]

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

[gmmorris]

We have an equivalent issue in Kibana Alerting (tagged above by Patrick), so removing us from this Watcher specific issue to avoid duplicaiton.
Thanks for bringing this req to our attention.