How to using scripted field value in watcher?

Hi ,
i have created a scripted field called "duration" which will return in number. and i confirm this scripted field value is showing in Kibana when query.

If i want to show this scripted field value by using watcher, how do do that because i tried many method below, the field value still showing null when send in email:

_source.duration
_all.duration
doc[duration].value
doc.duration

1 Like

Hey

if it is a scripted field, then the query you are executing in watcher also needs to create such a scripted field. Can you share the query you are running in your watch and if it is querying for such a scripted field as well?

Hi Alex,
below is my scripted field name with "value":
doc['A'].value - doc['B'].value

and below is my watcher, i would like to compare if ctx.payload.hits.total > value then trigger to send email, how i can put this scripted field "value" in watcher .. ?

{
  "trigger": {
    "schedule": {
      "interval": "1h"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "websys-wcs*"
        ],
        "types": [],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "match_phrase": {
                    "message": "E"
                  }
                },
                {
                  "match": {
                    "fields.env": "prod"
                  }
                },
                {
                  "wildcard": {
                    "source.keyword": "/opt/apps/IBM/WebSphere/AppServer/profiles/wccommp/logs/commerceServer*/SystemOut.log"
                  }
                }
              ],
              "filter": [
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-5m"
                    }
                  }
                }
              ]
            }
          },
          "sort": [
            {
              "@timestamp": {
                "order": "desc",
                "unmapped_type": "boolean"
              }
            }
          ]
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": value
      }
    }
  },
  "actions": {
    "send_email": {
      "email": {
        "profile": "standard",
        "to": [
          abc@abc.com"
        ],
        "subject": "testing",
        "body": {
          "text": "The alert condition for testing was triggered:\n\n{{#ctx.payload.hits.hits}}\n\nHostname:{{_source.hostname}}\nSource:{{_source.source}}\nTags:{{_source.tags}}\n{{_source.message}}\n\n{{/ctx.payload.hits.hits}}"
        }
      }
    }
  }
}

See the docs how to add a script field in kibana: https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-script-fields.html

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.