"compare" : { "ctx.payload.hits.total" : { "gt" : 5}} is not working

gayathri · October 29, 2018, 5:43am

Hi Team,

"compare" : { "ctx.payload.hits.total" : { "gt" : 5}} is not working for me while creating the watch alert. We are getting mail alerts if we remove the below block:

"condition" : {
"compare" : { "ctx.payload.hits.total" : { "gt" : 5}}
},

tried:

"condition" : {
"script" : "return ctx.payload.hits.total > 5"
}
as well. But the condition block is not working. PFB, the complete watcher request:

{
"trigger" : {
"schedule" : { "interval" : "10s" }
},
"input" : {
"search" : {
"request" : {
"body" : {
"query" : {
"match" : { "Status": "404" }
}
}
}
}
},
"condition" : {
"compare" : { "ctx.payload.hits.total" : { "gt" : 5}}
},
"actions" : {
"send_email" : {
"email" : {
"to" : "mail.dns.com",
"subject" : "Test",
"body" : " Test"
}
}
}
}

Thanks,
Gayathri

gayathri · October 29, 2018, 5:56am

Team,

Could see "ctx.payload.hits.total" is always taking as "0". Kindly help me to get the exact count.

spinscale · October 29, 2018, 10:00am

please include the full output of the execute watch API here, this will make debugging a lot easier. Also please include the full watch here. And please use proper formatting, as you can just use markdown.

--Alex

gayathri · October 30, 2018, 1:16pm

Hi,

That issue got resolved by adding "search_type": "query_then_fetch" in input.

But having another issue, ctx.payload.hits.total is taking all the hits but not according to the query in the input.

So when we trigger for an error scenario with Success cases it is taking the count for both.

{
"trigger": {
"schedule": {
"interval": "30s"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"index*"
],
"types": [],
"body": {
"query": {
"bool": {
"must": {
"match": {
"message": "status ~ 404"
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": "now-30s"
}
}
}
]
}
}
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 5
}
}
},
"actions": {
"send_email": {
"email": {
"profile": "standard",
"to": [
"mail.domain.com"
],
"subject": "ALERT",
"body": {
"text": "Found {{ctx.payload.hits.total}} errors in the logs "
}
}
}
}
}

Kindly help on the above issue.

gayathri · November 2, 2018, 9:58am

Kindly help me on the above

system · November 30, 2018, 9:58am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.