Need help with {{ctx.payload.aggregations.bucketAgg.buckets.key : null}} in watcher, hence won't trigger email action

Hi,

I am new to Kibana Watchers and I am facing issues in parsing the desired value to "ctx.payload.aggregations".

I get the below result

"ctx.payload.aggregations.numberofcmtsId.buckets.count_deriv.value": null

My Watcher Query is as below

{
  "trigger" : {
    "schedule" : { "interval" : "60s" } 
  },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "snmp-*" ],
        "body" : {
          "size":0,
          "query": {
            "range": {
              "timestamp": {
                "gte": "now-90m/m",
                "lte": "now-30m/m"
              }
            }
          },
          "aggs": {
            "every30min": {
              "date_histogram": {
                "field": "timestamp",
                "fixed_interval": "30m",
                "order": {
                  "_key": "desc"
                }
              },
              "aggs": {
                "numberofcmtsId": {
                  "cardinality": {
                    "field": "cmtsId"
                  }
                },
                "count_deriv": {
                  "derivative": {
                    "buckets_path": "numberofcmtsId" 
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition" : {
    "compare": {
      "ctx.payload.aggregations.numberofcmtsId.buckets.count_deriv.value" : { "gt" : 10 }
    }
  },
  "actions" : {
    "send_email" : {
      "throttle_period" : "5m",
      "email" : {
        "to" : "abc@xyz.com",
        "subject" : "TEST: CMTS Count Watcher Notification",
        "body" : ""
      }
    }
  }
}

Can anyone please help with what I am doing wrong in "ctx.payload.aggregations"? :slight_smile:

In this query:

{
  "size": 0,
  "query": {
    "range": {
      "timestamp": {
        "gte": "now-90m/m",
        "lte": "now-30m/m"
      }
    }
  },
  "aggs": {
    "every30min": {
      "date_histogram": {
        "field": "timestamp",
        "fixed_interval": "30m",
        "order": {
          "_key": "desc"
        }
      },
      "aggs": {
        "numberofcmtsId": {
          "cardinality": {
            "field": "cmtsId"
          }
        },
        "count_deriv": {
          "derivative": {
            "buckets_path": "numberofcmtsId"
          }
        }
      }
    }
  }
}

I think the first numberofcmtsId agg bucket in the result would not have any value for count_deriv, right? Derivatives need more than one metric for comparison, since derivatives are a value of difference between 2 metrics.

I'm not sure if you are seeing any error messages, but the issue could be that you have to add a pre-condition to count_deriv.value to ensure that it is not null.

For more help, I would suggest reaching out in the Elasticsearch channel of this Discuss forum. But I hope that helps all you need :slight_smile:

-Tim
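
An added example, not part of the original posts: a Python model of walking a dotted `ctx.payload` path, assuming map keys are followed by name and list elements by numeric index, to show why the path in the watch comes back null and how a null guard on `count_deriv.value` behaves. The sample response, its values and the helper names are constructed for illustration.

```python
# Constructed sample shaped like the response to the query above: the
# date_histogram "every30min" holds a LIST of buckets, and each bucket holds
# the sub-aggregations. Values are made up; the first bucket has no count_deriv.
PAYLOAD = {"aggregations": {"every30min": {"buckets": [
    {"key_as_string": "2020-01-01T10:30:00Z", "numberofcmtsId": {"value": 42}},
    {"key_as_string": "2020-01-01T10:00:00Z", "numberofcmtsId": {"value": 30},
     "count_deriv": {"value": -12.0}},
    {"key_as_string": "2020-01-01T09:30:00Z", "numberofcmtsId": {"value": 45},
     "count_deriv": {"value": 15.0}},
]}}}


def resolve(payload, path):
    """Walk a dotted path: dict keys by name, lists by numeric index.

    Any missing step yields None instead of raising, which is how a wrong
    path silently turns into a null comparison value.
    """
    node = payload
    for part in path.split("."):
        if isinstance(node, dict):
            node = node.get(part)
        elif isinstance(node, list) and part.isdigit() and int(part) < len(node):
            node = node[int(part)]
        else:
            return None
    return node


def derivative_values(payload):
    """Return (bucket key, derivative) pairs, skipping buckets without one."""
    buckets = resolve(payload, "aggregations.every30min.buckets") or []
    pairs = []
    for bucket in buckets:
        value = (bucket.get("count_deriv") or {}).get("value")
        if value is not None:  # the null guard suggested in the reply
            pairs.append((bucket["key_as_string"], value))
    return pairs


def condition_met(payload, threshold=10):
    """True when any bucket's derivative exceeds the threshold."""
    return any(value > threshold for _, value in derivative_values(payload))


if __name__ == "__main__":
    # Path used in the watch: "numberofcmtsId" is not a top-level aggregation.
    print(resolve(PAYLOAD, "aggregations.numberofcmtsId.buckets.count_deriv.value"))
    # Indexed path through the histogram; bucket 0 has no derivative.
    print(resolve(PAYLOAD, "aggregations.every30min.buckets.0.count_deriv.value"))
    print(resolve(PAYLOAD, "aggregations.every30min.buckets.1.count_deriv.value"))
    print(derivative_values(PAYLOAD), condition_met(PAYLOAD))
```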
