Hi All,
I am trying to implement a Watcher alert for error scenarios.
I have a use-case where the 1st search query will retrieve all the failure records from Kibana index.
I would like to iterate through each retrieved record and create an email action with the details of each records.
Currently, my script allows me to get only the 1st record. Can anyone help with the script to iterate through every record.
example script:
{
"trigger": {
"schedule": {
"cron": "0 0/15 * * * ?"
}
},
"input": {
"chain": {
"inputs": [
{
"first": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"mylogs-dev2"
],
"rest_total_hits_as_int": true,
"body": {
"query": {
"bool": {
"must": [
{
"match": {
"level": "ERROR"
}
},
{
"match": {
"fields.content.meta.messages.code": "BAD_REQUEST"
}
}
],
"filter": {
"range": {
"timestamp": {
"gte": "now-15m"
}
}
}
}
}
}
}
}
}
},
{
"second": {
"transform": {
"script": {
"source": "return [ 'correlation_id' : ctx.payload.first.hits.hits.0._source.fields.correlation_id]",
"lang": "painless"
}
}
}
},
{
"third": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"mylogs-dev2"
],
"rest_total_hits_as_int": true,
"body": {
"query": {
"bool": {
"must": [
{
"match": {
"fields.trace_point": "INBOUND_REQUEST_PAYLOAD"
}
},
{
"match": {
"fields.correlation_id": "{{ctx.payload.second.correlation_id}}"
}
}
],
"filter": {
"range": {
"timestamp": {
"gte": "now-15m"
}
}
}
}
}
}
}
}
}
},
{
"fourth": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"mylogs-dev2"
],
"rest_total_hits_as_int": true,
"body": {
"query": {
"bool": {
"must": [
{
"match": {
"message": "Inbound Object Detail"
}
},
{
"match": {
"fields.correlation_id": "{{ctx.payload.second.correlation_id}}"
}
}
],
"filter": {
"range": {
"timestamp": {
"gte": "now-15m"
}
}
}
}
}
}
}
}
}
}
]
}
},
"condition": {
"compare": {
"ctx.payload.third.hits.total": {
"gt": 0
}
}
},
"actions": {
"email_admin": {
"email": {
"profile": "standard",
"attachments": {
"attached_data": {
"data": {
"format": "json"
}
}
},
"to": [
"sample.email@uabc.com"
],
"subject": " {{ctx.payload.third.hits.hits.0._source.message}} failed in Dev Instance ",
"body": {
"html": "<br><br><b>Request Type: </b> {{ctx.payload.third.hits.hits.0._source.message}} <br><b>Customer Reference: </b>{{ctx.payload.third.hits.hits.0._source.fields.content.references.customer_ref}} <br> <b> Record Name : </b> {{ctx.payload.fourth.hits.hits.0._source.fields.content.record_name}} <br> <b> Record Id: </b> {{ctx.payload.fourth.hits.hits.0._source.fields.content.record_id}} <br><br> <b> CRM Error Message : </b> {{ctx.payload.first.hits.hits.0._source.fields.content.meta.messages.1.text}} <br> <br><b>Trigger Time:</b> {{ctx.trigger.triggered_time}}<br><p></p>"
}
}
}
}
}