priti
November 6, 2020, 12:00pm
1
Hi ,
I am trying to logging according to user using foreach but it is giving exception
"type" : "exception",
Foreach Condition #ctx .payload.aggregations.user.buckets}}{{key}} {{/ctx.payload.aggregations.user.buckets}} "
Aggregation Result server1.domain.com "
ylasri
November 6, 2020, 12:45pm
2
I think you should use key instead of keys
ctx.payload.aggregations.user.buckets
priti
November 7, 2020, 8:36pm
3
I tried with ctx.payload.aggregations.user.buckets.key also but it is not working.
ylasri
November 7, 2020, 10:10pm
4
This is your buckets array : ctx.payload.aggregations.user.buckets ? It should be used with foreach simply
priti
November 9, 2020, 9:27am
5
yes. When I have used
"log":{#ctx .payload.aggregations.user.buckets}}{{key}} {{/ctx.payload.aggregations.user.buckets}} "
It is giving below error ,
ylasri
November 9, 2020, 9:29am
6
Can you share your full watcher ?
priti
November 9, 2020, 6:10pm
7
"trigger": {
"schedule": {
"cron": "0 0/60 * ? * *"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"log-*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 1000,
"query": {
"bool": {
"must": [
{
"exists": {
"field": "current_user_"
}
}
],
"should": [
{
"match": {
"program": "XYZ"
}
}
],
"must_not": [
{
"match": {
"current_user_": "nil"
}
}
],
"filter": {
"range": {
"@timestamp": {
"gte": "now-4d",
"lte": "now"
}
}
}
}
},
"aggs": {
"user": {
"terms": {
"field": "current_user_.keyword",
"min_doc_count": 25
},
"aggs": {
"instance": {
"terms": {
"field": "instance_.keyword"
},
"aggs": {
"remoteadd": {
"terms": {
"field": "remote_address_.keyword"
},
"aggs": {
"repo": {
"terms": {
"field": "repo.keyword"
}
}
}
}
}
}
}
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 25
}
}
},
"actions": {
"send_email": {
"foreach" : "ctx.payload.aggregations.user.buckets",
"max_iterations" : 500,
"email": {
"profile": "standard",
"priority": "normal",
"to": [
"{{ctx.payload.aggregations.user.buckets}}{{key}}@domainname.com{{#ctx.payload.aggregations.user.buckets}}"
],
"subject": "Subject XXXXXX",
"body": {
"html": "<p>Dear {{ctx.payload.aggregations.user.buckets}}{{key}}{{#ctx.payload.aggregations.user.buckets}}, <br><br> Please find below details<table border='1'><tr><th>User</th><th>Blocked transaction count</th><th>Instance</th><th>Remote Address</th><th>Repo</th></tr> {{#ctx.payload.aggregations.user.buckets}} <tr><td> {{key}} </td><td> {{doc_count}} </td>{{#instance.buckets}}<td> <p>{{key}} {{/instance.buckets}} </p></td><td>{{#instance.buckets}}{{#remoteadd.buckets}} <p>{{key}} {{/remoteadd.buckets}}{{/instance.buckets}}<br><br></p></td><td>{{#instance.buckets}}{{#remoteadd.buckets}}{{#repo.buckets}} <p>{{key}} {{/repo.buckets}}{{/remoteadd.buckets}}{{/instance.buckets}}<br><br></p></div></td></tr>{{/ctx.payload.aggregations.user.buckets}} </table><p><p>Regards<br>Application Monitoring Team</p>"
}
}
},
"log": {
"foreach" : "ctx.payload.aggregations.user.buckets",
"max_iterations" : 500,
"logging": {
"level": "info",
"text": " <table border='1'><tr><th>User</th><th>Blocked transaction count</th><th>Instance</th><th>Remote Address</th><th>Repo</th></tr> {{#ctx.payload.aggregations.user.buckets}} <tr><td> {{key}}@<domainname>.com </td><td> {{doc_count}} </td>{{#instance.buckets}}<td> <p>{{key}} {{/instance.buckets}} </p></td><td>{{#instance.buckets}}{{#remoteadd.buckets}} <p>{{key}} {{/remoteadd.buckets}}{{/instance.buckets}}<br><br></p></td><td>{{#instance.buckets}}{{#remoteadd.buckets}}{{#repo.buckets}} <p>{{key}} {{/repo.buckets}}{{/remoteadd.buckets}}{{/instance.buckets}}<br><br></p></div></td></tr>{{/ctx.payload.aggregations.user.buckets}} "
}
}
}
}```
system
December 7, 2020, 6:11pm
8
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.