HI,
I have an array as output of watcher and i need to include this array in watcher body.
the result sample of my wathcer is as follows.
.
.
.
.
"payload": {
"results": [
{
"value": 319,
"key": "SGMContactByEmail"
},
{
"value": 92,
"key": "Overall"
}
]
}
I need email output as below in table
| Key | Value |
|---|---|
| SGMContactByEmail | 319 |
| Overall | 92 |
complete stimulte result is here
{
"watch_id": "_inlined_",
"node": "57In08qySJujMZrK8G3HeQ",
"state": "executed",
"user": "zyz.com",
"status": {
"state": {
"active": true,
"timestamp": "2022-07-20T01:58:10.363Z"
},
"last_checked": "2022-07-20T01:58:10.363Z",
"last_met_condition": "2022-07-20T01:58:10.363Z",
"actions": {
"email_1": {
"ack": {
"timestamp": "2022-07-20T01:58:10.363Z",
"state": "ackable"
},
"last_execution": {
"timestamp": "2022-07-20T01:58:10.363Z",
"successful": true
},
"last_successful_execution": {
"timestamp": "2022-07-20T01:58:10.363Z",
"successful": true
}
}
},
"execution_state": "executed",
"version": -1
},
"trigger_event": {
"type": "manual",
"triggered_time": "2022-07-20T01:58:10.363Z",
"manual": {
"schedule": {
"scheduled_time": "2022-07-20T01:58:10.363Z"
}
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"abc-connect-log-*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"bool": {
"filter": {
"range": {
"@timestamp": {
"gte": "{{ctx.trigger.scheduled_time}}||-200d",
"lte": "{{ctx.trigger.scheduled_time}}",
"format": "strict_date_optional_time||epoch_millis"
}
}
}
}
},
"aggs": {
"bucketAgg": {
"terms": {
"field": "alertCode",
"size": 5,
"order": {
"_count": "desc"
}
}
}
}
}
}
}
},
"condition": {
"script": {
"source": "ArrayList arr = ctx.payload.aggregations.bucketAgg.buckets; for (int i = 0; i < arr.length; i++) { if (arr[i].doc_count > params.threshold) { return true; } } return false;",
"lang": "painless",
"params": {
"threshold": 10
}
}
},
"metadata": {
"xpack": {
"type": "json"
}
},
"result": {
"execution_time": "2022-07-20T01:58:10.363Z",
"execution_duration": 3,
"input": {
"type": "search",
"status": "success",
"payload": {
"_shards": {
"total": 1,
"failed": 0,
"successful": 1,
"skipped": 0
},
"hits": {
"hits": [],
"total": 425,
"max_score": null
},
"took": 2,
"timed_out": false,
"aggregations": {
"bucketAgg": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"doc_count": 319,
"key": "ContactByEmail"
},
{
"doc_count": 92,
"key": "Overall"
},
{
"doc_count": 9,
"key": "FindFolders"
},
{
"doc_count": 5,
"key": "FindItems"
}
]
}
}
},
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"abc-connect-log-*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"bool": {
"filter": {
"range": {
"@timestamp": {
"gte": "2022-07-20T01:58:10.36341791Z||-200d",
"lte": "2022-07-20T01:58:10.36341791Z",
"format": "strict_date_optional_time||epoch_millis"
}
}
}
}
},
"aggs": {
"bucketAgg": {
"terms": {
"field": "alertCode",
"size": 5,
"order": {
"_count": "desc"
}
}
}
}
}
}
}
},
"condition": {
"type": "script",
"status": "success",
"met": true
},
"transform": {
"type": "script",
"status": "success",
"payload": {
"results": [
{
"value": 319,
"key": "SGMContactByEmail"
},
{
"value": 92,
"key": "Overall"
}
]
}
},
"actions": [
{
"id": "email_1",
"type": "email",
"status": "simulated",
"email": {
"message": {
"id": "email_1__inlined__8d375cd1-c793-4497-ac12-5129db8c07e6-2022-07-20T01:58:10.363434911Z_11",
"sent_date": "2022-07-20T01:58:10.366916643Z",
"to": [
"abc@qwe.com"
],
"subject": "Watch has exceeded the threshold ",
"body": {
"text": "Hi Team,\n\nKindly note the below has been exceeded in last 5 mintutes.\n\nThe output of the payload was transformed to {results=[{value=319, key=SGMContactByEmail}, {value=92, key=Overall}]}\n\n\n\n\n\n\n"
}
}
}
}
]
},
"messages": []
}