Hi
I am using scripted grouping on an index. If any bucket's document count is greater than 0, I want to select the description field from the index, using all of the grouping fields as filters for that query.
    "query": {
      "bool": {
        "must": [
          {
            "range": {
              "@timestamp": {
                "gte": "now-40m",
                "lte": "now"
              }
            }
          }
        ]
      }
    },
    "aggs": {
      "scripted": {
        "terms": {
          "script": {
            "source": "doc['Component_Type'].value + '|' + doc['layer'].value+ '|' + doc['test'].value+ '|' + doc['measure'].value+ '|'+ doc['priority'].value+ '|' + doc['start date'].value"
          },
          "size": 500
        }
      }
    }
In the watcher, in the transform, I converted all these keys into an ArrayList:
    "transform": {
      "script":
      """
        List keysList = ctx.payload.query_data.aggregations.scripted.buckets.stream().map(t -> {return t.key}).collect(Collectors.toList());
      """
    },
Now, how can I get the "description" field for each element of this list in the transform phase?
I want to populate the description field into the incident, which I will create with a webhook action.
So for each element in the transformed list, I need to get the description and create an incident in the ITSM tool.
Thanks in advance.