Recursively Returning Results from a Watch, Newline Output

Elastic Stack Elasticsearch
1

Hi guys,

I have managed to get my watch to output all of the usernames when someone fails to logon, they appear one after the other with a space in between, like so:

"text": "The following user(s) failed to logon: Test Admin TestAdmin User Example

This is the output I am currently using:

 "body": {
          "text": "The following user(s) failed to logon: {{#ctx.payload.hits.hits}} {{_source.target_username}} {{/ctx.payload.hits.hits}}"
        }

I would like the output to look something like:

The following users failed to logon:
                                                               
                                                               Test
                                                               Admin
                                                               TestAdmin
                                                               Example
                                                               User

Or some kind of table format, overall it just needs to be easier to read.

Cheers,

G

2

Hey,

have you tried something like

{{#ctx.payload.hits.hits}}{{_source.username}}\\n{{/ctx.payload.hits.hits}}
3

or you could use join with a transform

    "actions": {
      "logging": {
        "transform" : {
          "script" : "return ['usernames' : ctx.payload.hits.hits.stream().map(h -> h._source.username).collect(Collectors.toList()) ]"
        },
        "logging": {
          "text": "{{#join delimiter='\\n'}}ctx.payload.usernames{{/join delimiter='\\n'}}"
        }
      }
    }
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.