Index_out_of_bounds_exception watcher using aggregation

stack-alerting

(Muhammad Saleem) #1

Here is my code to create a watcher, which is trying to compare two values from the aggregated values from the payload.
The problem is when there is no data being context by the condition in the watcher, it returns the

"exception": {
  "type": "index_out_of_bounds_exception",
  "reason": "Index: 1, Size: 0"
}

Here is the watcher JSON:

{
  "trigger": {
    "schedule": {
      "interval": "12h"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "pbs_logs*"
        ],
        "types": [],
        "body": {
          "query": {
            "bool": {
              "filter": {
                "range": {
                  "wall_clock_time": {
                    "from": "now-10h",
                    "to": "now"
                  }
                }
              }
            }
          },
          "aggs": {
            "group_by_search": {
              "terms": {
                "field": "data.search-version.keyword",
                "size": 2,
                "order": {
                  "_key": "asc"
                }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.aggregations.group_by_search.buckets.0.doc_count": {
        "gte": "{{ctx.payload.aggregations.group_by_search.buckets.1.doc_count}}"
      }
    }
  },
  "actions": {}
}

How can I make the watcher able to check if the response from the condition is empty, and then not proceed with the execution?


(Alexander Reelsen) #2

You should use a script-based condition and check for the size of the buckets array.

See the alerting examples repo for some inspiration to copy from.

--Alex
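
A script condition of the kind suggested in the reply above, as an added example that is not part of the original thread or of the alerting examples repo. It replaces the `compare` condition in the watcher and returns false when the terms aggregation yields fewer than two buckets, so `buckets.1` is never dereferenced; it assumes a Watcher version that accepts `source` for inline Painless scripts.

```json
{
  "condition": {
    "script": {
      "lang": "painless",
      "source": "def buckets = ctx.payload.aggregations.group_by_search.buckets; return buckets.size() >= 2 && buckets[0].doc_count >= buckets[1].doc_count;"
    }
  }
}
```

With an empty result set the condition is simply not met, the watch record shows `"met": false`, and no actions run.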

