See the image, I'm trying to define an alert such that a certain percentage will trigger the alert.
Two issues:

1. how to take the ERROR/SUCCESS doc from the list, I tried with (buckets{key:SUCCESS} which does not work)
2. the divide operation round the numbers like integer, I need a float number. (0.01)

Screen Shot 2021-01-29 at 14.22.33738×676 53.1 KB

Result example

{
"_shards": {
"total": 2080,
"failed": 0,
"successful": 2080,
"skipped": 2030
},
"hits": {
"hits": ,
"total": {
"value": 3750,
"relation": "eq"
},
"max_score": null
},
"took": 51,
"timed_out": false,
"aggregations": {
"2": {
"doc_count": 3750,
"buckets": [
{
"score": 0.0717097145653337,
"doc_count": 3723,
"bg_count": 202611071,
"key": "SUCCESS"
},
{
"score": 0.008978920146330968,
"doc_count": 4,
"bg_count": 24784,
"key": "PARTIAL_SUCCESS"
},
{
"score": 0.0020247561180953572,
"doc_count": 22,
"bg_count": 954370,
"key": "ERROR"
}
],
"bg_count": 218821134
}
}
}

Alert condition

ctx.results[0].aggregations.2.buckets{key:SUCCESS}.doc_count / ctx.results[0].hits.total.value == 0

Hi @Guy_Assaf,
Welcome to our community
I'm afraid that this thread is related to "AWS Open Distro", and then question may be asked here for more relevant answers

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.