Hi,
I really need help at this point, I'm trying to set up a watcher that triggers an email alert whenever a file is changed (file integrity).
The issue I'm having is trying to use a for loop on the script intended to retrieve the name of the files to add them to the email body.
This works perfectly fine, and I'm able to access each element in the array by manually changing ctx.payload.hits.hits[0]:
"actions": {
"send_email": {
"email": {
"profile": "standard",
"to": [
"someone@domain.com"
],
"subject": "DR ELK:: File Integrity Monitoring",
"body": {
"text": """Important files below have been modified: \r\r {{ctx.payload.agents_hostname}} => {{ctx.payload.files}} => {{ctx.payload.event}}"""
}
}
}
},
"transform": {
"script": {
"source": """
ctx.payload.transform = ['agents_hostname' : ctx.payload.hits.hits[0]._source.agent.hostname, 'files' : ctx.payload.hits.hits[0]._source.file.path, 'event' : ctx.payload.hits.hits[0]._source.event.action]; return ctx.payload.transform""",
"lang": "painless"
}
},
But if I try with a FOR / WHILE loop to automatically iterate through the array values like this:
"transform" :{
"script": {
"source": """
for(int j = 0; j < ctx.payload.hits.total; j++) {
ctx.payload.transform = ['agents_hostname' : ctx.payload.hits.hits[j]._source.agent.hostname,
'files' : ctx.payload.hits.hits[j]._source.file.path,
'event' : ctx.payload.hits.hits[j]._source.event.action];
},
return ctx.payload.transform""",
"lang": "painless"
}
},
Then I get a "Compile Error" when trying to save/simulate.
I've been stuck at this for a few days now, read a lot and cannot get it to work.
Thanks in advance!
Regards!