Storing Message in an Array for Slack Notification

alerting

#1

I've got most of my watcher set up and running, but right now I'm trying to get the message from all hits to return in the Slack notification, but I get a Warning Internal Server Error when saving it and I'm not sure where I've gone wrong.

    {
      "trigger": {
        "schedule": {
          "interval": "5m"
        }
      },
      "input": {
        "search": {
          "request": {
            "search_type": "query_then_fetch",
            "indices": [],
            "types": [],
            "body": {
              "query": {
                "bool": {
                  "must": {
                    "range": {
                      "Users": {
                        "gte": 2
                      }
                    }
                  },
                  "filter": {
                    "range": {
                      "TimeStamp": {
                        "from": "{{ctx.trigger.scheduled_time}}||-10m",
                        "to": "{{ctx.trigger.triggered_time}}"
                      }
                    }
                  }
                }
              }
            }
          }
        }
      },
      "condition": {
        "compare": {
          "ctx.payload.hits.total": {
            "gt": 0
          }
        }
      },
      "actions": {
        "notify-slack": {
          "throttle_period_in_millis": 9,
          "slack": {
            "message": {
              "from": "Non-Prod Alerts",
              "to": [
                "#alerts"
              ],
              "text": "Non-prod Monitoring",
              "attachments": [
                {
                  "color": "#006000",
                  "title": "Users Found",
                  "text": "{{ctx.payload.hits.total}} Servers have more than 2 users. They are {{ctx.payload.message}} "
                }
              ]
            }
          }
        }
      },
      "transform": {
        "script": {
          "inline": "return [ 'message' : ctx.payload.hits.hits.collect { it._source.Message } ]",
          "lang": "painless"
        }
      }
    }

I've also tried taking out it._source.Message, and saving it still has the same internal server error.


(Alexander Reelsen) #2

Do you mind pasting the warning (including full possible stack trace) plus anything like that in the log files as well, so everyone can take a look?

Also the Elasticsearch version would be helpful.

Thanks!

