Multi Document Index is not working with 6.1.3

alerting

#1

Hi,

We have a test Elastic Cloud Enterprise on AWS. I followed the blog post https://www.elastic.co/blog/understanding-your-teams-usage-with-elastic-cloud-enterprise and created a dedicated cluster for Watcher for collecting cluster information. The Elasticsearch cluster I created is version 6.1.3. Then I wanted to create a watch to collect cluster information from the Elastic Cloud Enterprise API (also mentioned in the blog above). My watch looks like this:

curl -k -u elastic:removedintentionally -X PUT "https://86fb30ea0abe4b779255e639c8c50c11.ipremovedintentionally.ip.es.io:9243/_xpack/watcher/watch/clusters_transform" -H 'Content-Type: application/json' -d'
{
  "trigger": {
    "schedule": {
      "interval": "10m"
    }
  },
  "input": {
    "http": {
      "request": {
        "scheme": "http",
        "host": "Cloud UI LoadBalancer IP Removed Intentionally",
        "port": 80,
        "method": "get",
        "path": "/api/v1/clusters/elasticsearch",
        "params": {},
        "headers": {},
        "auth": {
          "basic": {
            "username": "readonly",
            "password": "removedintentionally"
          }
        }
      }
    }
  },
  "condition": {
    "always": {}
  },
  "actions": {
    "index_payload": {
      "transform": {
        "script": {
          "source": "return ['_doc' : ctx.payload.elasticsearch_clusters]",
          "lang": "painless"
        }
      },
      "index": {
        "index": "ece-running-clusters",
        "doc_type": "ece-running-cluster",
        "execution_time_field": "timestamp"
      }
    }
  }
}
'

The error I receive while creating the watch is:

{
  "error": {
    "root_cause": [
      {
        "type": "script_exception",
        "reason": "compile error",
        "script_stack": ["return [_doc : ctx.payload.elasti ...", " ^---- HERE"],
        "script": "return [_doc : ctx.payload.elasticsearch_clusters]",
        "lang": "painless"
      }
    ],
    "type": "script_exception",
    "reason": "compile error",
    "script_stack": ["return [_doc : ctx.payload.elasti ...", " ^---- HERE"],
    "script": "return [_doc : ctx.payload.elasticsearch_clusters]",
    "lang": "painless",
    "caused_by": {
      "type": "illegal_argument_exception",
      "reason": "Variable [_doc] is not defined."
    }
  },
  "status": 500
}

The cluster info is properly returned by curl -k -X GET -u readonly:removed removed:80/api/v1/clusters/elasticsearch. I also tried removing the quotes surrounding _doc in the transform section. It didn't help. Can someone point me to what is wrong here?

Regards,
Sindhura


(Michael Basnight) #2

Hi, I haven't looked at this much yet, but let me first ask if you are escaping the single quotes in the Painless script. It looks like you are using single quotes around the whole JSON body so you don't have to escape all the double quotes, but since there are single quotes in there, maybe it's misinterpreting it via the CLI? Try \'_doc\' and then if that fails I will attempt to execute this watch on a test cluster of my own.

Thanks,
Baz.


(Alexander Reelsen) #3

Hey,

Have you tried return [ '_doc' : ... ] (in quotes) to see if that works? Otherwise Painless tries to interpret _doc as a variable instead of as a quoted string.

--Alex


#4

Hi Baz,

Thanks for your reply. Using double quotes and escaping them worked (\"_doc\"). Escaping single quotes didn't work.
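
What the shell does to the transform script from this thread, as an added example that is not part of the original posts. Only the "source" line of the watch body is reproduced, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: shell quoting of the Painless "source" line from this thread.
# Function names are made up for illustration; nothing is sent to a cluster.

# 1) As posted: the inner ' closes the outer '...' string, so the shell
#    concatenates the pieces and the quotes around _doc never reach curl.
body_as_posted() {
  printf '%s\n' '"source": "return ['_doc' : ctx.payload.elasticsearch_clusters]"'
}

# 2) What worked in post #4: Painless also accepts double-quoted strings,
#    and \" is a valid JSON escape that the shell leaves alone inside '...'.
body_escaped_double() {
  printf '%s\n' '"source": "return [\"_doc\" : ctx.payload.elasticsearch_clusters]"'
}

# 3) Keeping single quotes: '\'' closes the string, adds a literal ', reopens it.
body_close_reopen() {
  printf '%s\n' '"source": "return ['\''_doc'\'' : ctx.payload.elasticsearch_clusters]"'
}

# 4) Quoted heredoc: the shell interprets nothing in the body, so the JSON
#    can be pasted unchanged (curl can read it from stdin with -d @-).
body_heredoc() {
  cat <<'EOF'
"source": "return ['_doc' : ctx.payload.elasticsearch_clusters]"
EOF
}

# Pre-flight check before sending: is _doc still preceded by a quote character?
key_is_quoted() {
  case "$1" in
    *"'_doc"*|*'"_doc'*) return 0 ;;
    *) return 1 ;;
  esac
}

for f in body_as_posted body_escaped_double body_close_reopen body_heredoc; do
  out=$("$f")
  if key_is_quoted "$out"; then verdict=ok; else verdict=BROKEN; fi
  printf '%-20s %-7s %s\n' "$f" "$verdict" "$out"
done
```

The first variant prints the same `return [_doc : ...]` text that appears in the `script` field of the error response above, which is why Painless reports `_doc` as an undefined variable.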

