Iterate watcher hits and perform action on each hit

Jeroen2 · June 11, 2020, 12:32pm

Hi, in the example below I have a condition where I send an alert if the first hit contains the query 'some_query'. Is it possible to iterate all hits and sent/stack all hits in an action?

 "condition": {
    "script": {
      "source": "return ctx.payload.hits.hits.0._source.message.contains('some_query')",
      "lang": "painless"
    }
  },
  "actions": {
    "opsgenie": {
      "webhook": {
        "scheme": "https",
        "host": "api.opsgenie.com",
        "port": 443,
        "method": "post",
        "path": "/v1/json/eswatcher",
        "params": {
          "apiKey": "some key"
        },
        "headers": {
          "Content-Type": "application/json"
        },
        "body": "{{#toJson}}ctx.payload.hits.hits.0._source.correlation_id{{/toJson}}"
      }
    }
  }

spinscale · June 30, 2020, 8:13am

try something like

{{#ctx.payload.hits.hits}}{{_source.whatever.field}}{{/ctx.payload.hits.hits}}

system · July 28, 2020, 8:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.