I am retrieving data from an index "dummyindex" and send the total count of non-zero documents in the field downtime_depth to another index. I am not able to get the value using value_count using below script. any suggestions?
POST _xpack/watcher/watch/downtimeexample
{
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"search": {
"request": {
"indices": [
"dummyindex"
],
"body": {
"size": 0,
"query": {
"range": {
"@timestamp": {
"gte": "now-14d/d"
}
}
},
"aggs": {
"hostname_agg": {
"terms": {
"field": "hostname.keyword",
"size": 10
},
"aggs": {
"state_agg": {
"terms": {
"field": "server_state.keyword",
"size": 10
}
},
"downtime_agg": {
"terms": {
"field": "downtime_depth.keyword",
"include": "0",
"size": 10
}
},
"downtime_nonzeroagg": {
"terms": {
"field": "downtime_depth.keyword",
"exclude": "0",
"size": 10
}
},
"total_terms": {
"value_count": {
"field": "downtime_depth.keyword"
}
}
}
}
}
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gte": 1
}
}
},
"transform": {
"script": {
"source": " return [ 'nonzero_doc_count' : ctx.payload.aggregations.total_terms.value, '@timestamp': ctx.trigger.scheduled_time]"
}
},
"actions": {
"my_index_action": {
"index": {
"index": "summary-index-host-availability",
"doc_type": "mytype"
}
}
}
}