Parse the values from aggregation results in watcher transform painless script

Pavani_Reddy · August 9, 2023, 5:51pm

Please help on painless script for parsing the timestamp and compare with now-1h.
'''
"aggs": {
"by_index": {
"terms": {
"field": "_index"
},
"aggs": {
"by_timestamp": {
"max": {
"field": "@timestamp"
}
}
}
}
}
'''
I have the aggregated result as below
'''
"aggregations" : {
"by_index" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 607,
"buckets" : [
{
"key" : "watcher-alert-index1-2023.08.08",
"doc_count" : 832,
"by_timestamp" : {
"value" : 1.691515913592E12,
"value_as_string" : "2023-08-08T17:31:53.592Z"
}
},
{
"key" : "watcher-alert-index1-2023.08.07",
"doc_count" : 623,
"by_timestamp" : {
"value" : 1.691423470253E12,
"value_as_string" : "2023-08-07T15:51:10.253Z"
}
]
}
}
'''
I want to parse the timestamp from the above using painless script from the above result and compare with now-1h in watcher snippet.

I am new to painless script.

Please help me on this and guide me.

Thanks in advance,
Pavani

system · September 6, 2023, 5:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Watcher aggregation transform painless question Elasticsearch painless	1	263	November 25, 2022
Painless Script for Index Action Elasticsearch elastic-stack-alerting	2	14523	June 28, 2017
Use painless script in transform aggregation Elasticsearch	7	911	August 10, 2020
Using painless with aggregation results Elasticsearch	14	6964	March 5, 2018
Use Painless to only return a subset of the Watch payload Elasticsearch elastic-stack-alerting	3	712	November 28, 2019

Parse the values from aggregation results in watcher transform painless script

Related Topics