How to loop over the ctx results, so as to send the extracted details in email alert?

Divya_Thaore · July 27, 2023, 10:17am

The result set for example is :
{
"_shards": {
"total": 14,
"failed": 0,
"successful": 14,
"skipped": 0
},
"hits": {
"hits": [
{
"_index": "logs-cfsyslog-2023.07.26",
"_type": "_doc",
"_source": {
"msg": "-",
"referer": "-",
"request_size_b": 7586,
"x_forwarded_host": "-",
"type": "request",
"response_status": 502,
"correlation_id": "caef30ae-e285-430b-5d07-0a9a36c34019"
},
"_id": "RWbSkYkBtg3oak8jtmYg",
"_score": 2.2181222
},
{
"_index": "logs-cfsyslog-2023.07.24",
"_type": "_doc",
"_source": {
"msg": "-",
"referer": "-",
"request_size_b": 610,
"x_forwarded_host": "-",
"response_status": 502,
"correlation_id": "63323fc8-efba-424f-69a9-adc7e313dcb1"
},
"_id": "vY7KhokBjssTDO_uKkRP",
"_score": 2.148272
},
{
"_index": "logs-cfsyslog-2023.07.22",
"_type": "_doc",
"_source": {
"msg": "-",
"referer": "-",
"response_status": 500,
"correlation_id": "7f0b2e77-387f-468d-6bfc-5a4b710668f2"
},
"_id": "84ipf4kBjssTDO_uZFYk",
"_score": 2.0124397
}
],
"total": {
"value": 3,
"relation": "eq"
},
"max_score": 2.2181222
},
"took": 3,
"timed_out": false
}

I want to extract the correlation_id and response_status for each of the documents returned in the resultset and add the same in the email alert.

the sample which I am using right now is returning only single first value. I want to know the way of looping over the resultset.
Sample used by me for email alert is -
{
"eventType": "KibanaAlert",
"resource": {
"resourceName": "{{ctx.trigger.name}}",
"resourceType": "cloud-resource"
},
"severity": "WARNING",
"category": "ALERT",
"subject": "Kibana Alert by {{ctx.trigger.name}} triggered",
"body": "Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue. CorrelationId is :{{ctx.results.0.hits.hits.0._source.correlation_id}},Response status is :{{ctx.results.0.hits.hits.0._source.response_status}}",
"tags": {
"ctx.monitor.name": "{{ctx.monitor.name}}",
"ctx.trigger.name": "{{ctx.trigger.name}}",
"ctx.periodStart": "{{ctx.periodStart}}",
"ctx.periodEnd": "{{ctx.periodEnd}}",
"ctx.trigger.severity": "{{ctx.trigger.severity}}",
"ctx.results":"{{ctx.results.0.hits.hits.0._source.correlation_id}}"

}

system · August 24, 2023, 10:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Loop throught context (ctx) data model result at action template in SLACK text field Elasticsearch elastic-stack-alerting	1	680	July 28, 2021
Kibana alerting message with query results Kibana	7	2715	March 18, 2021
How to return results with ctx.payload Kibana elastic-stack-alerting , painless	6	2946	December 2, 2020
How to include the ctx.payload.value in the email text for watcher alert? Kibana elastic-stack-alerting	24	4895	May 24, 2021
How to print my error stack trace from watchers or/and alerts in an email? Kibana elastic-stack-alerting	3	646	May 25, 2021

How to loop over the ctx results, so as to send the extracted details in email alert?

Related Topics