I have an elasticsearch query type rule configured for my index to detect certain fields with particular values. Also i have an corresponding email connector configured in which I am configuring my custom content using {{context.hits}}. So to achieve this custom content i need to get the very first occurred timestamp of the hits to be displayed in the email content, for which i tried using {{context.hits.0._source.@timestamp}} which is returning only the recent timestamp from the hits.
I want my email content to have the timestamp of first occurred event from the hits.
@Anandhu_R_K We use the mustache library for action templating and unfortunately, there is not a way to get the last element of an array using mustache, which is what we would want in this scenario.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.