I have a working watcher alert which I would like to update and include the hostname and path info within the same message - but I can't seem to get the correct syntax!!
Currently, I have the following working:
"body": {
"html": "There were {{ctx.payload.hits.total}} matches of \"some error string\" within the last N minutes at {{ctx.execution_time}}.<br><br>Here is an example message found:<br><br> {{ctx.payload.hits.hits.0._source.message}}<br><br>."
}
Supposing, if {{host}} and {{path}} would work, I'd like the above message to read as: "There were {{ctx.payload.hits.total}} matches of "some error string" within the last N minutes on {{host}} at {{ctx.execution_time}}.
Here is an example message found:
{{ctx.payload.hits.hits.0._source.message}}
Please check the {{path}}."
Can someone please suggest how it can be done? Thanks in advance!
I am sorry, but I was not able to extract your exact question from the post. Can you please include a sample document of your search and what you would like to extract from that? If it is just about extracting a field, you already used ctx.payload.hits.hits.0._source.message to access a field in the body. If you want to extract the hostname and the path from this field, you have to do that before indexing and not during watch execution.
thank you for the tip - I was able to retrieve the hostname and path info in the same way as the message, using ctx.payload.hits.hits.0._source.host and ctx.payload.hits.hits.0._source.path, which were already defined.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.