Can aggregation buckets be accessed in the Elasticsearch query of "Rules and Connectors"?

I am trying to trigger an alert if BindRequestCount is zero for the last 30 mins. So I have created a rule using the Elasticsearch query rule type.

{
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "consumer_status.keyword": {
              "value": "actual_consumer"
            }
          }
        }
      ],
      "must_not": [
        {
          "terms": {
            "name.keyword": [
              "jumes29pipeline"
            ]
          }
        }
      ]
    }
  },
  "aggs": {
    "consumer": {
      "terms": {
        "field": "name.keyword",
        "size": 1000
      },
      "aggs": {
        "metricAgg": {
          "avg": {
            "field": "bindRequestCount"
          }
        },
        "name": {
          "bucket_selector": {
            "buckets_path": {
              "value": "metricAgg"
            },
            "script": "params.value == 0"
          }
        }
      }
    }
  }
}

When testing the above query, I am able to access only the hits (matched documents), not the aggregation bucket output. Is there a way to access aggregation buckets in Rules and Connectors?
