I am trying to develop a complex watcher. The beginning is a chain input that uses aggregations and a bucket selector to narrow down my payload to a list of actionable ID's. At that point, I need to query the original index to pull back in the full documents before proceeding to an action.
I've tried to do this two different ways: 1) using a for each action and running each ID through a search transform and 2) adding another search transform outside of the actions that queries the index for my list of IDs. Unfortunately I cannot get either to work and I'm pretty lost at this point.
The issue with (1) is that it seems the only section of the action the "for each" functionality applies to is the action. In other words, any transform or condition inside of a for each action receives the original payload instead of the nested payload and their results do no affect the payload at all.
With (2) I am unable to develop a query that will return hits when I have a list. It seems like the only query that might work for this would be a terms query but my painless script is returning an array that looks like this: {1=first, 2=second, ... } which does not work with a terms query. I think I need to run a search transform within a script transform so I can loop over my list and query the index, but that isn't possible either.