I'm trying to find a way to send every log whose attribute "Exception" includes "statusCode: 500" and the word "exception". At this time my watcher sends information about 10000 logs every check. But it's wrong; if I check it manually there are no logs with those attributes. Can you help me find just these logs? And is there any possibility of making separate emails for each bug? I mean a situation where a separate email is sent with the full log.
{
  "trigger": {
    "schedule": {
      "interval": "900m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "=hpiprod="
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "match": {
                    "Exception": "Exception"
                  }
                },
                {
                  "match": {
                    "Exception": "StatusCode: 500"
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": 0
      }
    }
  },
  "actions": {
    "send_email": {
      "email": {
        "profile": "standard",
        "to": [
          "test@test.com"
        ],
        "subject": "testlogs",
        "body": {
          "text": "{{ctx.payload.hits.total}} Errors have occured in the logs:{{#ctx.payload.hits.hits}}{{_id}}:{{/ctx.payload.hits.hits}} Result Message:{{#ctx.payload.hits.hits}}{{_source.message}}:{{/ctx.payload.hits.hits}}"
        }
      }
    }
  }
}