Count of hits per error

Hi,

I am trying to get an email notification with the number of hits for each error type mentioned in my query below.

```json
{
  "trigger": {
    "schedule": {
      "daily": {
        "at": [
          {
            "hour": [7, 17],
            "minute": [0, 30]
          }
        ]
      }
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "<filebeat-{now/d-7d}>"
        ],
        "types": [],
        "body": {
          "query": {
            "bool": {
              "should": [
                {
                  "match_phrase": {
                    "message": "Error 1"
                  }
                },
                {
                  "match_phrase": {
                    "message": "Error 2"
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": 0
      }
    }
  },
  "actions": {
    "email_administrator": {
      "email": {
        "profile": "standard",
        "attach_data": {
          "format": "yaml"
        },
        "priority": "high",
        "to": [
          "abc@demo.com"
        ],
        "subject": {
          "source": "{{ctx.metadata.color}} ERROR DEMO",
          "lang": "mustache"
        },
        "body": {
          "text": "Hello All, \n \n\n Issues the logs. \n\nCould you please check attached data ? \n \n Find the list of stores to check for failure:\n\n{{#ctx.payload.hits.hits}} * Host = {{_source.host}}, Log Time = {{_source.LogTime}}\n\n{{/ctx.payload.hits.hits}}\n\nThank you\nKibana"
        }
      }
    }
  }
}
```

The format I want should look like the table below, where the first error came 5 times and the 2nd error came 7 times.

|SN|Error Name|hits#|
|--|----------|-----|
|1|Error 1|5|
|2|Error 2|7|

Any type of help is appreciated.
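One way to get a per-error count without listing every matching document is to ask Elasticsearch for the counts directly with a named `filters` aggregation, one filter per error phrase, and render the buckets as the table. The Python below is an added example, not code from the thread: it builds the watch's search input in the same shape as the question's JSON (the index pattern and error phrases are taken from the question, `size: 0` and the aggregation are the added part), and then turns a constructed sample response into the table rows. The table rendering is done here in Python as a stand-in for the watch's own email template.

```python
"""Per-error hit counts for a daily Watcher-style error report.

Added example for this thread. It assumes the Watcher search-input shape
from the question and the response format of Elasticsearch's `filters`
aggregation; SAMPLE_PAYLOAD below is constructed, not a real response.
"""
import json

# Error phrases to count, in the order they should appear in the table
ERRORS = ["Error 1", "Error 2"]


def build_watch_input(errors, index="<filebeat-{now/d-7d}>"):
    """Search input that counts hits per error phrase with one named
    `filters` aggregation instead of returning every matching document."""
    filters = {name: {"match_phrase": {"message": name}} for name in errors}
    return {
        "search": {
            "request": {
                "indices": [index],
                "body": {
                    "size": 0,  # counts only; the hit documents are not needed
                    "query": {
                        "bool": {
                            "should": list(filters.values()),
                            "minimum_should_match": 1,
                        }
                    },
                    "aggs": {"per_error": {"filters": {"filters": filters}}},
                },
            }
        }
    }


def count_hits(payload, errors):
    """Turn the named-filters buckets into (SN, error name, hits) rows,
    keeping the caller's error order so SN is stable between emails."""
    buckets = payload["aggregations"]["per_error"]["buckets"]
    return [(sn, name, buckets[name]["doc_count"])
            for sn, name in enumerate(errors, start=1)]


def render_table(rows):
    """Render the rows as the markdown table asked for in the question."""
    lines = ["|SN|Error Name|hits#|", "|--|----------|-----|"]
    lines += [f"|{sn}|{name}|{hits}|" for sn, name, hits in rows]
    return "\n".join(lines)


# Constructed sample of what the aggregation above returns: a bucket per
# named filter, each carrying only its document count.
SAMPLE_PAYLOAD = {
    "hits": {"total": 12},
    "aggregations": {
        "per_error": {
            "buckets": {
                "Error 1": {"doc_count": 5},
                "Error 2": {"doc_count": 7},
            }
        }
    },
}

if __name__ == "__main__":
    print(json.dumps(build_watch_input(ERRORS), indent=2))
    print(render_table(count_hits(SAMPLE_PAYLOAD, ERRORS)))
```

Because the counts arrive under `ctx.payload.aggregations.per_error.buckets` rather than in `hits.hits`, the email body in the watch has to be changed to read the buckets instead of looping over documents; the `hits.total` condition keeps working unchanged since the aggregation does not affect it.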

Please take your time and format messages properly. Those are impossible to read. You can use markdown for source code formatting here, which will also fix the indenting and make this much more readable.

I also have a hard time understanding what exactly you are expecting and what is not working. Maybe you can describe it again and also show a sample search result in order to explain things.

--Alex
