Cannot read search request | Watcher

Elastic Stack Kibana
1

Hi,

Problem: I am trying to put an alert on for every time a log is not sent.

I have tried to stimulate my watch, but I get the following error message back:
"[parse_exception] could not read search request. unexpected object field [query]".

This is what my console looks like:
{
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"search": {
"request": {
"query": {
"query_string": {
"default_field": "content",
"query": "(forward_to.keyword) AND (expo)"
}
},
"indices": "edmetric*"
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gte": 1
}
}
},
"actions": {
"log": {
"logging": {
"text": "The number of {{ctx.payload.hits.total}} logs were not sent to Expo"
}
}
}
}

Thank you in advance!

2

Hi @ntran, thanks for your question.

It seems like you have a little typo in your script - the request object should contain a body property, not a query property

{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "search": {
      "request": {
        "body": {
          "query_string": {
            "default_field": "content",
            "query": "(forward_to.keyword) AND (expo)"
          }
        },
        "indices": "edmetric*"
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gte": 1
      }
    }
  },
  "actions": {
    "log": {
      "logging": {
        "text": "The number of {{ctx.payload.hits.total}} logs were not sent to Expo"
      }
    }
  }
}

is generated successfully for me.

3

Thanks so much @flash1293!

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.