Advice on transform in watcher Slack action, please

do.ac · June 25, 2019, 9:59pm

New to this, and would appreciate some advice (and links to documentation, if I've missed any that could have answered my question).

I am trying to create dynamic attachments for a Slack watcher action, which I've cobbled together from other examples I've found:

"transform": {
    "script": {
      "source": "ctx.payload.hits.total=ctx.payload.hits.total; ['items': ctx.payload.hits.hits.collect(foo -> ['region': foo._source.geoip.region_name, 'time': foo._source['audit.eventTimestamp'], 'email': foo._source['audit.principalEmail'], 'index': foo._index, 'docid': foo._id, 'methodName': foo._source['audit.methodName']])]",
      "lang": "painless"
    }
  },

This creates the index for the dynamic attachments just fine. What isn't working is to somehow carry over the ctx.payload.hits.total value so that I include the total number of hits in the Slack title as well... What am I doing wrong here?

Thanks!!

spinscale · July 1, 2019, 7:01am

Hey,

how about creating an empty map, assigning hits.total and then use that map in to assign items like this

def data = [:];
data.total_hits = ctx.payload.hits.total
data.items = ctx.payload.hits.hits.collect ... ;
return data;

--Alex

system · July 29, 2019, 7:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Watcher Sending Slack dynamic Attachments Elasticsearch elastic-stack-alerting	2	1144	March 21, 2018
Watcher transform assistance Elasticsearch elastic-stack-alerting	2	392	March 6, 2020
Watcher action returns some payload, but not others Elasticsearch elastic-stack-alerting	3	500	July 29, 2020
Watcher Iteration questions Elasticsearch	2	956	April 18, 2018
Cannot access the search results through the watch execution context - Ctx.payload.hits.total Elasticsearch elastic-stack-alerting	6	1035	April 19, 2018

Advice on transform in watcher Slack action, please

Related Topics