Multiple condition checking and compare count

Need to check two conditions with test type. For example, we have two types of test, RTPCR and Antigen. We need to get an alert if the count of Antigen tests with positive cases is greater than 70% of RTPCR's positive case count in the last 1 hr. Also, we need to check that at least 500 tests have been done.

Can anyone please support me? I am not sure whether the must case can be done like this, and in the condition I need to check that the Antigen test positive count is > 70%.

{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "1h"
      }
    },
    "input": {
	
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "test-*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": {
                "range": {
                  "@timestamp": {
                    "gte": "{{ctx.trigger.scheduled_time}}||-1h",
                    "lte": "{{ctx.trigger.scheduled_time}}",
                    "format": "strict_date_optional_time||epoch_millis"
                  }
                }
              },
              "must": [
                {
				 "first": {
        
                 "match": {
                    "test": "RTCPR"
                  },
				  "match": {
                    "result": "postive"
                  },
              
            }
                 
                },
				 "second": {
        
                 "match": {
                    "test": "Antigen"
                  },
				  "match": {
                    "result": "postive"
                  },
              
            }
			
			  "condition": {
    "compare": {
       "script": {
        "inline": "ctx.payload.first >=100 && ctx.payload.second >=100 "
      }
    }
  },
  "actions": {
    "notify-slack": {
      "slack": {
        "account": "Test-Bot",
        "message": {
          "from": "Test-Bot",
          "to": [
            "#Test-notification"
          ],
          "text": "Test  Count",
          "attachments": [
            {
              "color": "danger",
              "title": "Test  Count",
              "text": "SMS Lock down "
            }
          ]
        }
      }
    }
  }
}

Can you explain what your concrete problem is? You already use a script condition, which means you have the infrastructure in place to check for several conditions. In your example you probably would like to query for the data from the last hour, check that the total hits are greater than 500, and then have an aggregation (probably a filters one for positive and negative results) and compare those two values as the second part of your condition.

Hope this helps!

This is my first time checking multiple conditions. I hope my must part is clear. If it is good, then how can we check the count and the second condition, whether the antigen-positive count is above 70% of the RTPCR cases, in the script?

This is impossible to answer without the data structure and query response in mind. Try providing a reproducible example, and also try to provide the script you have already tried.
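
The approach suggested in the first reply (a total-hits check plus a filters aggregation, compared in one script condition), written out as an added example that is not from the thread's participants. It is the body for a `PUT _watcher/watch/<id>` request; the field names `test` and `result` and the Slack action come from the question, while the values `RTPCR`, `Antigen` and `positive` and the aggregation name `positives` are assumptions about the data.

```json
{
  "metadata": { "note": "Added example. Values RTPCR, Antigen, positive and the aggregation name are assumptions." },
  "trigger": { "schedule": { "interval": "1h" } },
  "input": {
    "search": {
      "request": {
        "indices": ["test-*"],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "range": {
              "@timestamp": {
                "gte": "{{ctx.trigger.scheduled_time}}||-1h",
                "lte": "{{ctx.trigger.scheduled_time}}",
                "format": "strict_date_optional_time||epoch_millis"
              }
            }
          },
          "aggs": {
            "positives": {
              "filters": {
                "filters": {
                  "rtpcr": { "bool": { "filter": [
                    { "match": { "test": "RTPCR" } },
                    { "match": { "result": "positive" } } ] } },
                  "antigen": { "bool": { "filter": [
                    { "match": { "test": "Antigen" } },
                    { "match": { "result": "positive" } } ] } }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "def b = ctx.payload.aggregations.positives.buckets; return ctx.payload.hits.total >= 500 && b.antigen.doc_count > 0.7 * b.rtpcr.doc_count;"
    }
  },
  "actions": {
    "notify-slack": {
      "slack": {
        "account": "Test-Bot",
        "message": { "from": "Test-Bot", "to": ["#Test-notification"], "text": "Antigen positives above 70% of RTPCR positives in the last hour" }
      }
    }
  }
}
```

The query selects every test in the last hour so that `hits.total` is the overall test count, and the named filters return one `doc_count` per test type for the script to compare.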
