Iterate entries in ctx.payload

muraliv · June 5, 2019, 11:14am

Hi,

I have the following entries in ctx.payload and the entries are by user id. The first entry is the timestamp and the 2nd entry is the number of times the user failed to login in that bucket.

mydomain\user1=[1559669100000 2, 1559669160000 2, 1559669237000 2, 1559669280000 2, 1559669294000 1, 1559669295000 1],mydomain\user2=[1559669100000 2, 1559669160000 2, 1559669237000 2, 1559669280000 2, 1559669294000 1, 1559669295000 1]

I need help with mapping them into individual fields.

Thanks in advance.

Thanks
Murali

muraliv · June 6, 2019, 11:27am

Hi All,

I was able to figure it out :-). This is what I did.

"script": "return ['_doc':ctx.payload.entrySet().stream().flatMap(value -> value.getValue().stream().map(time_failedlogin -> ['@timestamp':time_failedlogin.substring(0,time_failedlogin.lastIndexOf(' ')), 'failed_logins':time_failedlogin.substring(time_failedlogin.lastIndexOf(' ')+1), 'alerttype': 'Login Failure', 'username':value.getKey()])).collect(Collectors.toList())];"

Thanks
Murali

system · July 4, 2019, 11:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Watcher Alert for Failed Snapshots How to loop the ctx.payload returned Elasticsearch	4	2706	April 12, 2018
Watcher Iteration questions Elasticsearch	2	956	April 18, 2018
How to get the value of an array using ctx.payload Elasticsearch	2	1018	November 12, 2021
Watcher, Convert timestap field in loop Elasticsearch elastic-stack-alerting , painless	3	723	November 10, 2022
Any documentation on what ctx looks like? Elasticsearch elastic-stack-alerting	6	11373	July 6, 2017

Iterate entries in ctx.payload

Related Topics