"compare" : { "ctx.payload.hits.total" : { "gt" : 5}} is not working

gayathri · October 29, 2018, 5:43am

Hi Team,

"compare" : { "ctx.payload.hits.total" : { "gt" : 5}} is not working for me while creating the watch alert. We are getting mail alerts if we remove the below block:

"condition" : {
"compare" : { "ctx.payload.hits.total" : { "gt" : 5}}
},

tried:

"condition" : {
"script" : "return ctx.payload.hits.total > 5"
}
as well. But the condition block is not working. PFB, the complete watcher request:

{
"trigger" : {
"schedule" : { "interval" : "10s" }
},
"input" : {
"search" : {
"request" : {
"body" : {
"query" : {
"match" : { "Status": "404" }
}
}
}
}
},
"condition" : {
"compare" : { "ctx.payload.hits.total" : { "gt" : 5}}
},
"actions" : {
"send_email" : {
"email" : {
"to" : "mail.dns.com",
"subject" : "Test",
"body" : " Test"
}
}
}
}

Thanks,
Gayathri

gayathri · October 29, 2018, 5:56am

Team,

Could see "ctx.payload.hits.total" is always taking as "0". Kindly help me to get the exact count.

spinscale · October 29, 2018, 10:00am

please include the full output of the execute watch API here, this will make debugging a lot easier. Also please include the full watch here. And please use proper formatting, as you can just use markdown.

--Alex

gayathri · October 30, 2018, 1:16pm

Hi,

That issue got resolved by adding "search_type": "query_then_fetch" in input.

But having another issue, ctx.payload.hits.total is taking all the hits but not according to the query in the input.

So when we trigger for an error scenario with Success cases it is taking the count for both.

{
"trigger": {
"schedule": {
"interval": "30s"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"index*"
],
"types": [],
"body": {
"query": {
"bool": {
"must": {
"match": {
"message": "status ~ 404"
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-30s"
}
}
}
]
}
}
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 5
}
}
},
"actions": {
"send_email": {
"email": {
"profile": "standard",
"to": [
"mail.domain.com"
],
"subject": "ALERT",
"body": {
"text": "Found {{ctx.payload.hits.total}} errors in the logs "
}
}
}
}
}

Kindly help on the above issue.

gayathri · November 2, 2018, 9:58am

Kindly help me on the above

system · November 30, 2018, 9:58am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ctx.payload.hits.total.value in condition not working Elasticsearch elastic-stack-alerting	7	4955	September 19, 2019
I have issues with "ctx.payload.hits.total": null Elasticsearch elastic-stack-alerting	2	861	July 28, 2020
No alert form array results Elasticsearch elastic-stack-alerting	14	3012	July 6, 2017
How to compare ctx.payload.hits.total value to last ctx.payload.hits.total Elasticsearch elastic-stack-alerting	4	1742	June 5, 2018
New to Watcher and trying to find examples Elasticsearch elastic-stack-alerting	3	503	June 28, 2018

"compare" : { "ctx.payload.hits.total" : { "gt" : 5}} is not working

Related topics