Advice on transform in watcher Slack action, please

New to this, and would appreciate some advice (and links to documentation, if I've missed any that could have answered my question).

I am trying to create dynamic attachments for a Slack watcher action, which I've cobbled together from other examples I've found:

"transform": {
    "script": {
      "source": "ctx.payload.hits.total=ctx.payload.hits.total; ['items': ctx.payload.hits.hits.collect(foo -> ['region': foo._source.geoip.region_name, 'time': foo._source['audit.eventTimestamp'], 'email': foo._source['audit.principalEmail'], 'index': foo._index, 'docid': foo._id, 'methodName': foo._source['audit.methodName']])]",
      "lang": "painless"
    }
  },

This creates the index for the dynamic attachments just fine. What isn't working is to somehow carry over the ctx.payload.hits.total value so that I include the total number of hits in the Slack title as well... What am I doing wrong here?

Thanks!!

Hey,

how about creating an empty map, assigning hits.total and then use that map in to assign items like this

def data = [:];
data.total_hits = ctx.payload.hits.total
data.items = ctx.payload.hits.hits.collect ... ;
return data;

--Alex

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.