Iterate watcher hits and perform action on each hit

Jeroen2 · June 11, 2020, 12:32pm

Hi, in the example below I have a condition where I send an alert if the first hit contains the query 'some_query'. Is it possible to iterate all hits and sent/stack all hits in an action?

 "condition": {
    "script": {
      "source": "return ctx.payload.hits.hits.0._source.message.contains('some_query')",
      "lang": "painless"
    }
  },
  "actions": {
    "opsgenie": {
      "webhook": {
        "scheme": "https",
        "host": "api.opsgenie.com",
        "port": 443,
        "method": "post",
        "path": "/v1/json/eswatcher",
        "params": {
          "apiKey": "some key"
        },
        "headers": {
          "Content-Type": "application/json"
        },
        "body": "{{#toJson}}ctx.payload.hits.hits.0._source.correlation_id{{/toJson}}"
      }
    }
  }

spinscale · June 30, 2020, 8:13am

try something like

{{#ctx.payload.hits.hits}}{{_source.whatever.field}}{{/ctx.payload.hits.hits}}

system · July 28, 2020, 8:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Loop through "source": "['message': ctx.payload.hits.hits.0._source ]", Elasticsearch painless	1	1103	October 26, 2021
Alertingのリアルタイム検知日本語による質問・議論はこちら	2	448	September 3, 2019
Condition In Watcher Elasticsearch elastic-stack-alerting	6	1275	January 3, 2018
Watcher's condition Elasticsearch elastic-stack-monitoring , elastic-stack-alerting	1	334	October 16, 2020
How to call a filter/report in a watcher? Elasticsearch elastic-stack-alerting	6	1075	June 29, 2021

Iterate watcher hits and perform action on each hit

Related Topics