How to access the "fields" field in the Elasticsearch query rule

I am using Elastic & Kibana version 8.7.1

I created a runtime_mappings field called "eventTime". I can see this runtime field and its value in the Kibana Discover page.

PUT /logs-parkingInfo/_mapping
{
"dynamic": "runtime",
"runtime": {
"eventTime": {
"type": "keyword",
"script" : {
"source" : "long milliSec = Long.parseLong(doc['timestamp'].value); Instant instant = Instant.ofEpochMilli(milliSec); ZonedDateTime zdt = ZonedDateTime.ofInstant(instant, ZoneId.of('America/Los_Angeles')); emit(zdt.format(DateTimeFormatter.ofPattern('yyyy-MM-dd @ HH:mm:ss.SSS')));"
}
}
}
}

But I cannot get the value of this runtime field (eventTime) in Elasticsearch query rule body.

image595×703 42.3 KB

{
...
"short_description": "smartParking error 1115 - No Communication with management system",
"description": "Event Time: {{#context.hits.0}}{{fields.eventTime}}{{/context.hits.0}},
virtualParkingId: {{#context.hits.0}}{{_source.virtualParkingId}}{{/context.hits.0}}",
"contact_type":"Event Management",
"u_event_source":"Elastic",
"impact":"2 - Medium",
...
}

How do I access the runtime field eventTime? I tried the following codes, both ways did not work.
{{#context.hits.0}}{{fields.eventTime}}{{/context.hits.0}}
{{#context.hits.0}}{{_source.eventTime}}{{/context.hits.0}}

Can someone give me some suggestion?

Thank you

As its name indicates runtime field is only a field that is available during the runtime of the query , as a result it is not indexed into the document itself.
You can access it as any other field in the query
you can check here for more details: Map a runtime field | Elasticsearch Guide [8.10] | Elastic