Accessing fields from Watcher search condition

Sanj · December 31, 2018, 6:17am

Hi Team,
I'm trying to develop a watcher comparing some fields from two different search conditions. Since I'm new to watcher, I could figure out exact way to access the fields of the records obtained from the search results.

Below is my watcher, where I'm searching for the records which is having particular string in it. After fetching the results I need to access the fields from the record to check some conditions and send me an alert kind of action.

		GET _xpack/watcher/watch/terracota_watcher
	{
	  "trigger" : {
		"schedule" : { "interval" : "10s" } 
	  },
	  "input" : {
	  "chain" : {
		"inputs" : [
		  {
			"first" : {
				"search" : {
					"request" : {
						"indices" : [ "script*1" ],
						"body" : {
							"query" : {
								"match" : { "message": "PerfWAG1" }
							}
						}
					}
				}
			}
		  },
		  {
			"second" : {
			  "search" : {
					"request" : {
						"indices" : [ "script*1" ],
						"body" : {
							"query" : {
								"match" : { "message": "Perf-WAG2" }
							}
						}
					}
				}
			}
		  }
		],
		"condition" : {
		  "script" : {
			"lang" : "painless",
			"source": """
				
				def wag1Name = null;
				def wag1Size = null;
				def wag2Name = null;
				def wag2Size = null;
				
				Map wag1Map = new HashMap();
				Map wag2Map = new HashMap();
				
				boolean status;
				def serverName = doc['entities.agentId.keyword'].value;
				//return serverName;
				if (serverName.contains("PerfWAG1")){
				  wag1Name = doc['entities.name.keyword'].value;
				  wag1Size = doc['entities.attributes.Size'].value;
				  wag1Map.put(wag1Name,wag1Size);
				}
				
				if (serverName.contains("Perf-WAG2")){
				  wag2Name = doc['entities.name.keyword'].value;
				  wag2Size = doc['entities.attributes.Size'].value;
				  wag2Map.put(wag2Name,wag2Size);
				}
				
				//return wag1Map+"_"+wag2Map;
				
				for(int i=0;i<wag1Map.size();i++){
				  for(int j=0;j<wag2Map.size();j++){
							if(wag1Map.key[i]==wag2Map.key[j]){
								if(wag2Map.value[i]==wag2Map.value[j]){
								  status = true;
								}else{
								  status = false;
								}
							}
				  }
				}
				
				return status; 
						"""
			}
		  }
		}
	  }
	}

SCRIPT EXPLAINED:
The condition which I'm comparing is that , i have a field 'NAME' which has predefined values say name1, name2 and name3, they have corresponding 'SIZE' parameters. I'm taking records from 2 different servers and initially comparing the 'NAME' field, if it matches then I'm checking the respective 'SIZE' parameter. if it matches I'm returning true, if not I'm returning false.

To achieve that, I'm putting all the name size parameters in a map of key, value pairs so that it can be iterated and and compared.

This is my watcher as of now, is this approach correct or am I accessing the fields in a wrong way? Any help would be really appreciated.

Thank You in advance.

spinscale · January 8, 2019, 9:04am

The doc syntax is not working within a watcher condition, as the script context of the condition is completely different. The doc syntax only works, when you are accessing fields with in a doc value context (like sorting or scripted fields), where as when executing a watch ,the whole result of the input will be included in the ctx.payload variable.

This means you need to use the ctx.payload variable and compare contents out of that variable with each other.

hope this helps!

Sanj · January 24, 2019, 12:22pm

@spinscale Thank you for you response mate. I appreciate it.

system · February 21, 2019, 12:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.