Elasticsearch Watcher - convert the milliseconds-since-the-epoch value back into a string

Kathir_J · October 25, 2018, 12:33pm

Hi,

I am currently trying with watcher for anomalies.
Here is my text field which gets notified in slack.

"text": "Machine Learning Results - Object cache size is going to exceed threshold limit.\n Anomalies:\n{{#ctx.payload.hits.hits}}score={{_source.anomaly_score}} at time={{_source.timestamp}}\n{{/ctx.payload.hits.hits}}"

and in slack, it is notified as below.

Machine Learning Results - Object cache size is going to exceed threshold limit.
Anomalies:
score=34.23307635237295 at time=1540379400000
score=32.13437 at time=1540379700000

_source.timestamp is producing milliseconds-since-the-epoch value. But I would like to notify this value as readable date format.

Is there way to format this ?

spinscale · October 25, 2018, 12:57pm

Hey,

you need to do a script transform first to convert the time to an Instant using Instant.ofEpochMilli() and then use java-time methods.

Also be aware, that a transform replaces the existing payload, so you have to make sure you return the full payload and enrich the date fields.

Hope this helps!

--Alex

system · November 22, 2018, 12:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.