How to access _resource in context?

gunjan_prmr · February 13, 2020, 9:22pm

I have set up alert in Kibana for slack notification which works fine. I can access my trigger name by

{{ ctx.trigger.name }}

I want to access _source but I don't see that in ctx. How can I access that?

{{ ctx }} gives me following:

{
  monitor = {
    _id = ,
    _version = 1,
    name = Failed Order Alert - Gunjan,
    enabled = true
  }, trigger = {
    id = JjTeOnABiAzvZMW0wxvs,
    name = Failed Order Trigger,
    severity = 1,
    actions = [{
      name = JUST TESTING
    }]
  }, results = [{
    _shards = {
      total = 75,
      failed = 0,
      successful = 75,
      skipped = 0
    },
    hits = {
      hits = [],
      total = {
        value = 0,
        relation = eq
      },
      max_score = null
    },
    took = 5,
    timed_out = false
  }], periodStart = 2020 - 02 - 12 T21: 52: 50.671 Z, periodEnd = 2020 - 02 - 12 T21: 53: 50.671 Z, alert = null, error = null
}

Nathan_Reese · February 14, 2020, 2:17pm

_source will be in each object in hits.hits array. _source contains the original fields for documents. hits contains the search results from an _search request. You can find documentation about hits at https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html#search-api-response-body

gunjan_prmr · February 14, 2020, 4:18pm

gunjan_prmr:

{
  monitor = {
    _id = ,
    _version = 1,
    name = Failed Order Alert - Gunjan,
    enabled = true
  }, trigger = {
    id = JjTeOnABiAzvZMW0wxvs,
    name = Failed Order Trigger,
    severity = 1,
    actions = [{
      name = JUST TESTING
    }]
  }, results = [{
    _shards = {
      total = 75,
      failed = 0,
      successful = 75,
      skipped = 0
    },
    hits = {
      hits = [],
      total = {
        value = 0,
        relation = eq
      },
      max_score = null
    },
    took = 5,
    timed_out = false
  }], periodStart = 2020 - 02 - 12 T21: 52: 50.671 Z, periodEnd = 2020 - 02 - 12 T21: 53: 50.671 Z, alert = null, error = null
}

That is what I thought. In that case, why don't I see that in {{ ctx }} object I have pasted above?

gunjan_prmr · February 14, 2020, 4:20pm

That is what I thought. In that case, why don't I see that in {{ ctx }} object I have pasted above?

Nathan_Reese · February 14, 2020, 4:49pm

So the hits array is empty? What does your watch query look like? Are you setting size?

gunjan_prmr · February 14, 2020, 4:51pm

Here is my monitor and the blob I posted in my original question, that is the entire ctx object.

gunjan_prmr · February 14, 2020, 6:10pm

Here is the query. How can I define _source here?
{
"size": 0,
"query": {
"bool": {
"filter": [
{
"range": {
"@timestamp": {
"from": "{{period_end}}||-30d",
"to": "{{period_end}}",
"include_lower": true,
"include_upper": true,
"format": "epoch_millis",
"boost": 1
}
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
},
"aggregations": {}
}

gunjan_prmr · February 21, 2020, 6:03pm

I have resolved this. In Kibana logs, when you click on REFRESH button. it makes POST call where you can get the query and tweak it accordingly.

Topic		Replies	Views
How to use Ctx Variable to access the source fields in Kibana Kibana	2	964	June 21, 2019
Using ctx.results Variable in a Message Kibana painless	3	3486	March 6, 2020
Kibana - Metric Threshold Alert - {{context.group}} Kibana elastic-stack-alerting	2	852	February 17, 2023
Cannot figure out how to get data from _source into Watch Output Elasticsearch	9	5047	June 20, 2017
Display log message in kibana alerting Elasticsearch	5	262	May 8, 2024

How to access _resource in context?

Related topics