Elasticsearch alarm payload not working

I am facing issues when I try to use the Elastic alarm option. I want to monitor one specific event and, once it happens, have the contents of the event inserted into the new index.

Email works fine for me.

Currently I see a new document is added into a new index but without any payload/specific information.

"actions": {
"Elasticsearch_alarm_3cb812fc-fb09-43e9-bb9e-780f50002815": {
"name": "Elasticsearch alarm",
"throttle_period": "1s",
"elastic": {
"priority": "low",
"stateless": false,
"message": "{{#ctx.payload.hits.hits}}{ to_field_name_y : {{_source.to_field_name_y}} , from_field_name_x : {{_source.from_field_name_x}} }||{{/ctx.payload.hits.hits}}"
}
}
}

can you share the full example to ease debugging? Thanks!

{
"actions": {
"Elasticsearch_alarm_0738406f-20b4-4e06-b9fc-47b588e1a7d2": {
"name": "Elasticsearch alarm",
"throttle_period": "1s",
"elastic": {
"priority": "low",
"stateless": false,
"message": "{{#ctx.payload.hits.hits}}To {{_source.to_field_name}}, From {{_source.from_field_name}}{{/ctx.payload.hits.hits}}"
}
}
},
"input": {
"search": {
"request": {
"index": [
"test-live"
],
"body": {
"size": 0,
"aggs": {
"2": {
"terms": {
"field": "from_field_name.keyword",
"size": 5,
"order": {
"_count": "desc"
}
}
}
},
"version": true,
"_source": {
"excludes":
},
"query": {
"bool": {
"must": [
{
"match_all": {}
},
{
"query_string": {
"query": "to_field_name:(123456789) AND from_field_name:(711*)",
"analyze_wildcard": true
}
},
{
"range": {
"ingestion_time": {
"gte": "now-1m",
"lte": "now"
}
}
}
],
"must_not":
}
},
"highlight": {
"pre_tags": [
"@kibana-highlighted-field@"
],
"post_tags": [
"@/kibana-highlighted-field@"
],
"fields": {
"": {
"highlight_query": {
"bool": {
"must": [
{
"match_all": {}
},
{
"query_string": {
"query": "to_field_name:(123456789) AND from_field_name:(711*)",
"analyze_wildcard": true
}
},
{
"range": {
"ingestion_time": {
"gte": "now-1m",
"lte": "now"
}
}
}
],
"must_not":
}
}
}
},
"fragment_size": 2147483647
}
}
}
}
},
"condition": {
"script": {
"script": "payload.hits.total > 0"
}
},
"trigger": {
"schedule": {
"later": "every 15 seconds"
}
},
"disable": false,
"report": false,
"title": "watcher_ym_new",
"save_payload": true,

}

Your condition script does not work as expected: it must be `ctx.payload.hits.total`. Also, please share the output of the Execute Watch API.

one last tidbit: Please take the time to format your code samples properly. This forum supports markdown and using it will make your posts infinitely more readable. Thanks!
