Hi there, I'm attempting to POST to an external webhook that takes an array of objects as a request body.
So far, all I've been able to output is a JSON object with a _value key that contains the array I'm looking for. Here's my action:
"actions": {
"block-ip": {
"transform": {
"script": {
"source": "def ip = '(ip.src eq ' + ctx.payload.aggregations.top_ip.buckets[0].key + ')'; def expression = ['expression': ip]; def payload = ['action': 'block', 'description': 'Automated IP Block', 'filter': expression ]; return [payload];",
"lang": "painless"
}
},
"webhook": {
"scheme": "http",
"host": "HOST",
"port": 80,
"method": "post",
"path": "/path",
"params": {},
"headers": {},
"body": "{{#toJson}}ctx.payload{{/toJson}}"
}
}
}
I'm able to grab/reference data easily, until it comes to the newly return ctx.payload.
Your docs say the following:
The executed script may either return a valid model that is the equivalent of a Java™ Map or a JSON object (you will need to consult the documentation of the specific scripting language to find out what this construct is). Any other value that is returned will be assigned and accessible to/via the
_valuevariable.
Which is what I'm seeing, and all the keys on ctx are readonly as marked by your docs.
Digging into the source code says that toJson should take an array as a parameter: Mustache: Render Map as JSON by tlrx · Pull Request #18856 · elastic/elasticsearch · GitHub
But I'm not able to get this to work how I'd like.
The output I'm seeing is
{
_value: [
{
filter: [Object],
action: 'block',
description: 'Automated IP Block'
}
]
}
But I'd like to bring everything up a level, to:
[
{
filter: [Object],
action: 'block',
description: 'Automated IP Block'
}
]
Please help guide me in the right direction!