How to compare two aggregation output in watcher in condition

Elastic Stack Elasticsearch
1

I need to compare two aggregation queries output array n watcher condition, i have used chain input to execute my queries .
not properly getting how can compare those two bucket arrays in watcher condtion.
Could i get any help from you !

This is my watcher:

{
"trigger": {
"schedule": {
"interval": "30m"
}
},
"input": {
"chain": {
"inputs": [
{
"first": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
".monitoring-beats-6-2019.02.14"
],
"types": ,
"body": {
"query": {
"bool": {
"must": [
{
"match_all": {}
}
]
}
},
"aggs": {
"AggregatedData": {
"terms": {
"field": "beats_stats.beat.name"
}
}
}
}
}
}
}
},
{
"second": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
".monitoring-beats-6-2019.02.14"
],
"types": ,
"body": {
"query": {
"bool": {
"must": [
{
"match_all": {}
}
],
"filter": {
"range": {
"timestamp": {
"gte": "now-5m",
"lte": "now"
}
}
}
}
},
"aggs": {
"MinuteAggregateData": {
"terms": {
"field": "beats_stats.beat.name"
}
}
}
}
}
}
}
}
]
}
},
"condition": {
"script": {
"source": "return ctx.payload.aggregations",
"lang": "painless"
}
},
"actions": {}
}

2

Hey,

can you explain in more detail what the problem is? Is it accessing the fields?

ctx.payload.first.aggs.AggregatedData and ctx.payload.second.aggs.AggregatedData contains the different buckets. The next step would probably be to walk through them and compare them, but I do not know what exactly your plan is with those, so it is hard to tell for me.

Please check out the examples repo that contains a few examples to get more accustomized with scripting.

3

Heyy @spinscale

Yeah both the aggregations are contains array of bucket which is having beats names.

First aggregation result:

{
"aggregations" : {
"AggregatedData " : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "beat1",
"doc_count" : 30
},
{
"key" : "beat2",
"doc_count" : 30
},
{
"key" : "beat3",
"doc_count" : 30
},
{
"key" : "beat4",
"doc_count" : 30
}
]
}
}
}

second aggregation result:

{
"aggregations" : {
"AggregatedData " : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "beat2",
"doc_count" : 30
},
{
"key" : "beat3",
"doc_count" : 30
}
]
}
}
}

I need to compare these two arrays in watcher condition (something like that not pretty sure).
and getting outcome as beat1 and beat2 are missing in second array.

Thanks

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.