"compare" : { "ctx.payload.hits.total" : { "gt" : 5}} is not working

gayathri · October 29, 2018, 5:43am

Hi Team,

"compare" : { "ctx.payload.hits.total" : { "gt" : 5}} is not working for me while creating the watch alert. We are getting mail alerts if we remove the below block:

"condition" : {
"compare" : { "ctx.payload.hits.total" : { "gt" : 5}}
},

tried:

"condition" : {
"script" : "return ctx.payload.hits.total > 5"
}
as well. But the condition block is not working. PFB, the complete watcher request:

{
"trigger" : {
"schedule" : { "interval" : "10s" }
},
"input" : {
"search" : {
"request" : {
"body" : {
"query" : {
"match" : { "Status": "404" }
}
}
}
}
},
"condition" : {
"compare" : { "ctx.payload.hits.total" : { "gt" : 5}}
},
"actions" : {
"send_email" : {
"email" : {
"to" : "mail.dns.com",
"subject" : "Test",
"body" : " Test"
}
}
}
}

Thanks,
Gayathri

gayathri · October 29, 2018, 5:56am

Team,

Could see "ctx.payload.hits.total" is always taking as "0". Kindly help me to get the exact count.

spinscale · October 29, 2018, 10:00am

please include the full output of the execute watch API here, this will make debugging a lot easier. Also please include the full watch here. And please use proper formatting, as you can just use markdown.

--Alex

gayathri · October 30, 2018, 1:16pm

Hi,

That issue got resolved by adding "search_type": "query_then_fetch" in input.

But having another issue, ctx.payload.hits.total is taking all the hits but not according to the query in the input.

So when we trigger for an error scenario with Success cases it is taking the count for both.

{
"trigger": {
"schedule": {
"interval": "30s"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"index*"
],
"types": [],
"body": {
"query": {
"bool": {
"must": {
"match": {
"message": "status ~ 404"
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-30s"
}
}
}
]
}
}
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 5
}
}
},
"actions": {
"send_email": {
"email": {
"profile": "standard",
"to": [
"mail.domain.com"
],
"subject": "ALERT",
"body": {
"text": "Found {{ctx.payload.hits.total}} errors in the logs "
}
}
}
}
}

Kindly help on the above issue.

gayathri · November 2, 2018, 9:58am

Kindly help me on the above

system · November 30, 2018, 9:58am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ctx.payload.hits.total.value in condition not working Elasticsearch elastic-stack-alerting	7	5226	September 19, 2019
Ctx.payload.hits.total returns me zero, why? Elasticsearch elastic-stack-alerting	3	1135	July 6, 2017
Elastic watch condition proble,s Elasticsearch elastic-stack-alerting	3	420	October 14, 2020
Trying to create watcher but getting payload is "ctx.payload.hits.total.value" : null Elasticsearch elastic-stack-alerting	2	3419	April 21, 2020
Watcher Condition - How do I know when ctx.payload.hits.total increased? Elasticsearch elastic-stack-alerting	1	941	July 6, 2017

"compare" : { "ctx.payload.hits.total" : { "gt" : 5}} is not working

Related topics