Kibana Dev Tools console error

Dear all,
Today I am studying how to write requests in the Kibana console, but when I "click to send the request", it returns an error.
{
"error": {
"root_cause": [
{
"type": "parse_exception",
"reason": "could not read search request. unexpected object field [query]"
}
],
"type": "parse_exception",
"reason": "could not parse [search] input for watch [cpu_watch]. failed to parse [request]",
"caused_by": {
"type": "parse_exception",
"reason": "could not read search request. unexpected object field [query]"
}
},
"status": 400
}
And the console request I wrote is shown as follows:
PUT _xpack/watcher/watch/cpu_watch
{
"trigger": {
"schedule":{
"interval":"10s"
}
},
"input": {
"search":{
"request":{
"indices":["metricbeat-*"],
"body":{
"size":0,
"aggs":{
"max_cpu":{
"max":{
"field":"system.process.cpu.total.pct"
}
}
}
},
"query":{
"bool":{
"must":[
{
"range":{
"@timestamp":{
"gte":"now-10s"
}
}
}
]
}
}
}
}
},
"condition": {
"script":{
"lang": "painless",
"inline": "if (ctx.payload.aggregations.max_cpu.value>0.4){return true;}return false;"
}

},
"actions": {
"logs":{
"transform":{},
"logging":{
"text":"Max CPU alert executed:{{ctx}}"
}
},
"index_payload":{
"transform":{
"script":{
"lang":"painess",
"inline":"Map result=new HashMap();result['@timestamp']=
ctx.trigger.trigerred_time;result['cpu']=ctx.payload.aggregations.max_cpu.value;return result;"
}
},
"index":{
"index":"cpu-anomaly-alerts",
"doc-type":"alert"
}
}

}
}
I cannot find the error. Can anyone help me?
Thank you very much.

Hi lujiao

Please don't post unformatted code as it's very hard to read.

Instead, paste the text and format it with the </> icon, and check the preview
window to make sure it's properly formatted before posting it. This makes it
more likely that your question will receive a useful answer.

It would be great if you could update your post to solve this.

I tested your payload in https://jsonlint.com and the following is not valid (around the index_payload.transform.script.inline):

{
	"trigger": {
		"schedule": {
			"interval": "10s"
		}
	},
	"input": {
		"search": {
			"request": {
				"indices": ["metricbeat-*"],
				"body": {
					"size": 0,
					"aggs": {
						"max_cpu": {
							"max": {
								"field": "system.process.cpu.total.pct"
							}
						}
					}
				},
				"query": {
					"bool": {
						"must": [{
							"range": {
								"@timestamp": {
									"gte": "now-10s"
								}
							}
						}]
					}
				}
			}
		}
	},
	"condition": {
		"script": {
			"lang": "painless",
			"inline": "if (ctx.payload.aggregations.max_cpu.value>0.4){return true;}return false;"
		}

	},
	"actions": {
		"logs": {
			"transform": {},
			"logging": {
				"text": "Max CPU alert executed:{{ctx}}"
			}
		},
		"index_payload": {
			"transform": {
				"script": {
					"lang": "painess",
					"inline": "Map result=new HashMap();result['@timestamp']=
					ctx.trigger.trigerred_time;result['cpu'] = ctx.payload.aggregations.max_cpu.value;
					return result;
					"
				}
			},
			"index": {
				"index": "cpu-anomaly-alerts",
				"doc-type": "alert"
			}
		}

	}
}
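The two problems visible in this thread, the line break inside the `inline` string and the `[query]` field that the parse_exception rejects, can be checked before a watch is sent. The following is an added example, not code from either post: `check_watch`, `BODY_ONLY_KEYS` and the trimmed sample are hypothetical names and constructed data, and the key set is an assumption covering a few common search DSL keys that belong under `request.body`.

```python
import json

# Assumption: a small set of search DSL keys that must sit inside request.body.
BODY_ONLY_KEYS = {"query", "aggs", "aggregations", "size", "sort"}

# Constructed sample: a trimmed watch body with the same two defects as the post
# (query placed beside body, and a raw newline inside the inline script string).
SAMPLE_WATCH = (
    '{"input":{"search":{"request":{"indices":["metricbeat-*"],'
    '"body":{"size":0},'
    '"query":{"bool":{"must":[]}}}}},\n'
    '"actions":{"index_payload":{"transform":{"script":{'
    '"inline":"Map result=new HashMap();result[\'@timestamp\']=\n'
    'ctx.trigger.trigerred_time;return result;"}}}}}'
)


def check_watch(text):
    """Return a list of findings for a watch body pasted as text."""
    findings = []
    try:
        watch = json.loads(text)
    except json.JSONDecodeError as exc:
        findings.append(
            f"invalid JSON at line {exc.lineno}, col {exc.colno}: {exc.msg}"
        )
        try:
            # Tolerate raw control characters in strings so the structural
            # check below can still run on the same paste.
            watch = json.loads(text, strict=False)
        except json.JSONDecodeError:
            return findings
    if not isinstance(watch, dict):
        return findings + ["watch body is not a JSON object"]
    request = watch.get("input", {}).get("search", {}).get("request", {})
    for key in sorted(BODY_ONLY_KEYS.intersection(request)):
        findings.append(
            f"input.search.request.{key}: search DSL key outside request.body"
        )
    return findings


if __name__ == "__main__":
    for finding in check_watch(SAMPLE_WATCH):
        print(finding)
```
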
