Hit results of watcher always returns the same value

Elastic Stack Elasticsearch
1

I noticed since I upgraded to elasticsearch 7.5, that the hit results of my watcher always return the same value "10000", no matter what condition or query I use in the watcher.

I feel like there is come kind of maximum set, but I can't put my finger on where. Because the same query executed on elasticsearch returns way more than 10000 hits.

Exemple of my watcher:

{
"trigger": {
"schedule": {
"interval": "10m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"TEST"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"bool": {
"must": [
{
"term": {
"result_err": "80"
}
},
{
"range": {
"@timestamp": {
"gte": "now-60m"
}
}
}
]
}
},
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
]
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gt": 1
}
}
},
"actions": {
"email_admin": {
"email": {
"profile": "standard",
"priority": "high",
"to": [
"test@test.com"
],
"subject": "testtest",
"body": {
"text": "tototest"
}
}
}
}
}

2

Have a look at https://www.elastic.co/guide/en/elasticsearch/reference/7.5/search-request-body.html#request-body-search-track-total-hits

3

I think rest_total_hits_as_int is a wrong parameter

4

Thank you! I resolved the problem by adding

"track_total_hits": true,

I appriciate the quick answers!

5

Yes, I think so too. I'll remove it. Thanks :slight_smile:

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.