How to use Math operations in actions with ctx.payload.*

alerting

#1

Hey, how do I use math operations like multiplication (*) in actions with ctx.payload.*?
For example, {{#..}}{{_source.system.filesystem.used.pct}}{{/..}} gives the value 0.7, but I want 0.7*100 = 70.
Also, how do I convert bytes to GB or MB? {{#..}}{{_source.system.memory.total}}{{/..}} has the value 38114820096 bytes. How do I get the required format?


(Alexander Reelsen) #2

You cannot do those calculations within mustache. You have to transform the data using a script first and then access this data in your mustache template.

See https://www.elastic.co/guide/en/elastic-stack-overview/6.4/transform-script.html


#3

"transform": {
  "script": {
    "source" : "doc['_source.system.filesystem.used.pct'] * multiplier",
    "params": { "multiplier": 100 }
  }
}
How do I use this array field
{{ctx.payload.aggregations.host.buckets}}{{top_hit.hits.hits}}{{_source.system.filesystem.used.pct}}?


(Alexander Reelsen) #4

See https://www.elastic.co/guide/en/elastic-stack-overview/6.4/transform.html

Be aware that a transform replaces the existing payload, so if you want to have access to the existing fields, you have to return those plus the newly added ones. See https://github.com/elastic/examples/tree/master/Alerting for a couple of examples.


#5

This information is helpful to me. How do I use an array field like this {{#ctx.payload.aggregations.host.buckets}}{{#top_hit.hits.hits}}{{_source.system.filesystem.used.pct}} in the source field?

If I use "source" : "doc['_source.system.filesystem.used.pct'] * multiplier", it throws a runtime error. I cannot access the _source.system.filesystem.used.pct field directly because it's an object in an array.


#6

"transform": {
  "script": {
    "source": "doc['_source.system.filesystem.used.pct'] * params.multiplier",
    "lang": "painless",
    "params": {
      "multiplier": 100
    }
  }
}
I am getting a runtime error

"payload": {
  "_shards": {
    "total": 130,
    "failed": 0,
    "successful": 130,
    "skipped": 125
  },
  "hits": {
    "hits": [],
    "total": 35,
    "max_score": 0
  },
  "took": 32,
  "timed_out": false,
  "aggregations": {
    "host": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "doc_count": 5,
          "top_hit": {
            "hits": {
              "hits": [
                {
                  "_index": "metricbeat-6.4.1-2018.10.24",
                  "_type": "doc",
                  "_source": {
                    "@timestamp": "2018-10-24T18:14:02.128Z",
                    "system": {
                      "filesystem": {
                        "device_name": "xxx",
                        "total": xxx,
                        "mount_point": "/",
                        "free_files": xxx,
                        "available": xxx,
                        "files": xxx,
                        "used": {
                          "pct": 0.6516,
                          "bytes": 12685934592
.....
.....
}


(Alexander Reelsen) #7

The doc notation is not applicable for watcher, it is only used when you want to access doc values in a query. Also, you need to access an array of data, namely ctx.payload.hits.hits, which contains the hits of a search response, and each hit has a _source, so you need to access this array via a for loop. Please have a look at the examples I posted before.
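
An added example, not part of the original thread and not taken from the linked examples repository: a watch fragment whose Painless transform loops over the aggregation buckets and their top hits from the payload in post #6, then builds a flat list with the percentage and gigabyte values already computed. The names rows, host, used_pct, used_gb and log_usage are hypothetical, and bucket.key assumes host is a terms aggregation (the posted payload is cut off before that field). Because the transform replaces the payload, the mustache template reads only what the script returns.

```json
{
  "transform": {
    "script": {
      "lang": "painless",
      "source": "/* assumption: host is a terms aggregation, so each bucket has a key */ def rows = []; for (def bucket : ctx.payload.aggregations.host.buckets) { for (def hit : bucket.top_hit.hits.hits) { def fs = hit._source.system.filesystem; rows.add(['host': bucket.key, 'mount_point': fs.mount_point, 'used_pct': Math.round(fs.used.pct * 10000.0) / 100.0, 'used_gb': Math.round(fs.used.bytes / 1073741824.0 * 100.0) / 100.0]); } } return ['rows': rows];"
    }
  },
  "actions": {
    "log_usage": {
      "logging": {
        "text": "{{#ctx.payload.rows}}{{host}} {{mount_point}}: {{used_pct}}% used ({{used_gb}} GB) {{/ctx.payload.rows}}"
      }
    }
  }
}
```

To keep the original search response available to the actions as well, return it alongside the new list, for example under a second key in the returned map.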

