Advice on transform in watcher Slack action, please

do.ac · June 25, 2019, 9:59pm

New to this, and would appreciate some advice (and links to documentation, if I've missed any that could have answered my question).

I am trying to create dynamic attachments for a Slack watcher action, which I've cobbled together from other examples I've found:

"transform": {
    "script": {
      "source": "ctx.payload.hits.total=ctx.payload.hits.total; ['items': ctx.payload.hits.hits.collect(foo -> ['region': foo._source.geoip.region_name, 'time': foo._source['audit.eventTimestamp'], 'email': foo._source['audit.principalEmail'], 'index': foo._index, 'docid': foo._id, 'methodName': foo._source['audit.methodName']])]",
      "lang": "painless"
    }
  },

This creates the index for the dynamic attachments just fine. What isn't working is to somehow carry over the ctx.payload.hits.total value so that I include the total number of hits in the Slack title as well... What am I doing wrong here?

Thanks!!

spinscale · July 1, 2019, 7:01am

Hey,

how about creating an empty map, assigning hits.total and then use that map in to assign items like this

def data = [:];
data.total_hits = ctx.payload.hits.total
data.items = ctx.payload.hits.hits.collect ... ;
return data;

--Alex

system · July 29, 2019, 7:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is it possible to have dynamic attachment fields in slack action? Elasticsearch elastic-stack-alerting	7	1559	July 6, 2017
Watcher Sending Slack dynamic Attachments Elasticsearch elastic-stack-alerting	2	1146	March 21, 2018
Watcher transform assistance Elasticsearch elastic-stack-alerting	2	395	March 6, 2020
Watcher action returns some payload, but not others Elasticsearch elastic-stack-alerting	3	501	July 29, 2020
Watcher Iteration questions Elasticsearch	2	956	April 18, 2018

Advice on transform in watcher Slack action, please

Related topics