Email alert could not getting the value of a map defined in conditions

here is my search response:

{
  "took": 638,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 2705428,
    "max_score": 0,
    "hits": []
  },
  "aggregations": {
    "group_by_source": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "jiwei",
          "doc_count": 2599928,
          "group_by_logtype": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "clickNumber",
                "doc_count": 2599894
              },
              {
                "key": "advAckAllNumber",
                "doc_count": 34
              }
            ]
          }
        },
        {
          "key": "zhitou",
          "doc_count": 105473,
          "group_by_logtype": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "clickNumber",
                "doc_count": 105471
              },
              {
                "key": "advAckAllNumber",
                "doc_count": 2
              }
            ]
          }
        },
        {
          "key": "kejin",
          "doc_count": 15,
          "group_by_logtype": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "clickNumber",
                "doc_count": 13
              },
              {
                "key": "advAckAllNumber",
                "doc_count": 2
              }
            ]
          }
        },
        {
          "key": "mex",
          "doc_count": 11,
          "group_by_logtype": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "clickNumber",
                "doc_count": 10
              },
              {
                "key": "advAckAllNumber",
                "doc_count": 1
              }
            ]
          }
        },
        {
          "key": "applovin",
          "doc_count": 1,
          "group_by_logtype": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "clickNumber",
                "doc_count": 1
              }
            ]
          }
        }
      ]
    }
  }
}

And here is my watch rules, how could I get the value of rates that defined in conditions in the email?

{
  "trigger": {
    "schedule": {
      "cron": "0 0 11 * * ?"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "logstash-*"
        ],
        "types": [],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "must": {
                "range": {
                  "@timestamp": {
                    "gte": "now-8d/d",
                    "lte": "now-8d/d",
                    "time_zone": "+00:00"
                  }
                }
              },
              "filter": {
                "query_string": {
                  "query": "(appid:1179908959)AND(log_type:(clickNumber|advAckAllNumber))"
                }
              }
            }
          },
          "aggs": {
            "group_by_source": {
              "terms": {
                "field": "source.keyword",
                "size": 50
              },
              "aggs": {
                "group_by_logtype": {
                  "terms": {
                    "field": "log_type.keyword"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "def hg = 0.0005;def lw = 0.0001;def len_th = ctx.payload.aggregations.group_by_source.buckets.size();def rate = 0.0;def rates = new HashMap();def lt = 0;for (def i = 0; i < len_th; i++) {  lt = ctx.payload.aggregations.group_by_source.buckets[i].group_by_logtype.buckets.length;if (lt === 1 ) { rate = 0 } else { rate = ctx.payload.aggregations.group_by_source.buckets[i].group_by_logtype.buckets.1.doc_count / ctx.payload.aggregations.group_by_source.buckets[i].group_by_logtype.buckets.0.doc_count } if ( rate < lw || rate > hg ) { rates[ctx.payload.aggregations.group_by_source.buckets[i].key] = rate  }  }   return len_th === 5 ;",
      "lang": "painless"
    }
  },
  "actions": {
    "email_admin": {
      "email": {
        "profile": "standard",
        "from": "bo.zhang@jcmob.net",
        "to": [
          "bo.zhang@jcmob.net"
        ],
        "subject": "J&C source activate rate is out of range",
        "body": {
          "text": " The info locate at: http://10.61.8.15:5601/goto/50f91b750a67fe933dd52e431b250d3f"
        }
      }
    }
  }
}

Does dynamic variable applys to my issue? Is there any example using dynamic variable in Watcher?

bak.png820×793 51.9 KB

Having a one line script makes it super unreadable for anyone, even yourself. Kibana has a nice feature that if you use """ to start a script with, you can write multi-line scripts - and share them here (at the expense that this is a pure kibana feature).

Now on to your issue: If you want the rates variable to be available in your action, you need to use a script transform to add it to the existing payload, like this

def payload = ctx.payload;
payload.rates = YOUR_CALCULATION
return payload

hope this helps

Thanks for your reply, with your help I can get the value right now.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.