Ctx.payload.hits.hits not working

yagami23 · May 10, 2019, 9:41am

Hi, below is my watcher content, its not working when add in transform section into it, the whole looping for ctx.payload.hits.hits is not working, the email receive only showing " The alert condition for 'OSB - ni-ecomm-wsc-cust-sync error was triggered:" . After remove the transform section, it's working again, the email receive showing all the results, please advise.

{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  }    ,
      "input": {
        "search": {
          "request": {
            "search_type": "query_then_fetch",
        "indices": [
          "websys-weblogic-*"
        ],
        "types": [],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "match_phrase": {
                    "message": "ni-ecomm-wsc-cust-sync error"
                  }
                },
                {
                  "match": {
                    "fields.env": "prod"
                  }
                },
                {
                  "wildcard": {
                    "source.keyword": "/opt/apps/logs/osb-server/weblogic/osb-server*.log"
                  }
                }
              ],
              "filter": [
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-15m"
                    }
                  }
                }
              ]
            }
          },
          "sort": [
            {
              "@timestamp": {
                "order": "desc",
                "unmapped_type": "boolean"
              }
            }
          ]
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": 0
      }
    }
  },
  "actions": {
    "send_email": {
      "email": {
        "profile": "standard",
        "to": [
          "xxx@xxx.com"
        ],
        "subject": "(ElasticSearch) OSB - ni-ecomm-wsc-cust-sync error",
        "body": {
          "html": "<html><h3>The alert condition for 'OSB - ni-ecomm-wsc-cust-sync error was triggered:</h3></html><br>{{#ctx.payload.hits.hits}}\tDate: {{_source.@timestamp}}<br>\tHostname:{{_source.host.name}}<br>\tMessage: {{_source.message}}<hr><br>{{/ctx.payload.hits.hits}}"
        }
      }
    }
  },
  **"transform": {**
    **"script": {**
      **"source": "return[ctx.metadata.t1 = Instant.ofEpochMilli(ctx.execution_time.getMillis()).minus(15,** **ChronoUnit.MINUTES)]",**
      **"lang": "painless"**
    **}**
  **},**
  "throttle_period_in_millis": 14400000
}

spinscale · May 10, 2019, 11:32am

Please take your time and properly format your messages. This makes it impossible to parse the JSON due to the missing indentation and seemingly random formatting. You can use markdown here, so please make use of that.

a script transform needs to return a payload, which your script does not do.

See https://www.elastic.co/guide/en/elastic-stack-overview/7.0/transform-script.html

yagami23 · May 13, 2019, 2:09am

Hi , i have add in "return" in transform, but the {{#ctx.payload.hits.hits}} {{/ctx.payload.hits.hits}} still showing blank result. If i remove the whole transform section, the {{#ctx.payload.hits.hits}} {{/ctx.payload.hits.hits}} is working and showing all the output.

system · June 10, 2019, 2:09am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.