I am trying to trigger an alert if BindRequestCount is zero for the last 30 mins. So I have created a rule using the Elasticsearch query rule type.
```json
{
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "consumer_status.keyword": {
              "value": "actual_consumer"
            }
          }
        }
      ],
      "must_not": [
        {
          "terms": {
            "name.keyword": [
              "jumes29pipeline"
            ]
          }
        }
      ]
    }
  },
  "aggs": {
    "consumer": {
      "terms": {
        "field": "name.keyword",
        "size": 1000
      },
      "aggs": {
        "metricAgg": {
          "avg": {
            "field": "bindRequestCount"
          }
        },
        "name": {
          "bucket_selector": {
            "buckets_path": {
              "value": "metricAgg"
            },
            "script": "params.value == 0"
          }
        }
      }
    }
  }
}
```
When testing the above query, I am able to access only the hits (documents matched), not the aggregation bucket output. Is there a way to access aggregation buckets in Rules and Connectors?