"input": {
"chain": {
"inputs": [
{
"first": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"indices*"
],
"types": ,
"body": {
"size": 10,
"query": {
"bool": {
"must": [
{
"simple_query_string": {
"query": "(123)"
"fields": [
"Message",
]
}
},
{
"range": {
"@timestamp": {
"gte": "now-15m/m",
"lte": "now"
}
}
}
]
}
},
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
]
}
}
}
}
},
{
"second": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"indices*"
],
"types": ,
"body": {
"size": 100,
"query": {
"bool": {
"must": [
{
"exists": {
"field": "abcMsg"
}
},
{
"range": {
"@timestamp": {
"gte": "now-15m/m",
"lte": "now"
}
}
}
]
}
},
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
]
}
}
}
}
}
]
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 0
}
}
},
"actions": {
"email_alert": {
"email": {
"profile": "standard",
"to": [
"'Jennifer 123@gmail.com'"
],
"subject": "{{ctx.payload.hits.hits.0._source.hostname}} {{ctx.payload.hits.hits.0._source.wlstimestamp}} {{ctx.payload.hits.hits.0._source.wlsdomain}} {{ctx.payload.hits.hits.0._source.wlsname}} {{ctx.payload.hits.hits.0._source.msgId}}",
"body": {
"html": "djsghjsakgfdsagksahg"
}
}
},
"log_error": {
"transform": {
"script": {
"source": "\t\t\t def docs = [];\n\t\t\t for (hit in ctx.payload.hits.hits) {\n\t\t\t def update = hit['_source'];\n\t\t\t // Pattern to parse the date/timestamp input.\n\t\t\t DateTimeFormatter input = DateTimeFormatter.ofPattern(\"yyyy-MM-dd'T'HH:mm:ss.SSS'Z'\");\n\t\t\t ZonedDateTime date = ZonedDateTime.parse(hit._source['@timestamp'], input.withZone(ZoneId.of(\"UTC\"))).plusHours(8);\n\t\t\t // Pattern to format the parsed date.\n\t\t\t DateTimeFormatter output = DateTimeFormatter.ofPattern(\"yyyy-MM-dd HH:mm:ss\");\n\t\t\t update['logDate'] = date.format(output);\n\t\t\t docs.add(update);\n\t\t}\n return ['exceptions_details': docs];",
"lang": "painless"
}
},
"logging": {
"category": "watcher.logging.None",
"level": "info",
"text": "Found {{ctx.payload.exceptions_details.size}} exceptions in the server logs\n{{#ctx.payload.exceptions_details}}[{{abc}}] {{def}} {{ghi}} \n{{/ctx.payload.exceptions_details}}"
}
}
}
}
I want to apply the first query to the email action and the second query to the logging action. How can I do that?