In the below example for: yellow state for ({{ctx.payload.first.hits.total}}) and red state ({{ctx.payload.second.hits.total}}). The first time a yellow status triggers the alert there is nothing in the index so the alert would look like this:
Cluster has been in a yellow state for () minutes and a red state for () minutes over the past hour Current status is yellow.
How would I do a transform or something else so the first time it triggers it would look like this:
Cluster has been in a yellow state for (0) minutes and a red state for (0) minutes over the past hour Current status is yellow.
then after it would just use the hit counter for ctx.payload.first and ctx.payload.second on the next min through if the cluster is still in a yellow or red state?
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"chain": {
"inputs": [
{
"first": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"watch_cluster_health"
],
"types": [],
"body": {
"query": {
"bool": {
"must": [
{
"match": {
"cluster_state": "yellow"
}
},
{
"range": {
"Time": {
"gte": "now-1h"
}
}
}
]
}
}
}
}
}
}
},
{
"second": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"watch_cluster_health"
],
"types": [],
"body": {
"query": {
"bool": {
"must": [
{
"match": {
"cluster_state": "red"
}
},
{
"range": {
"Time": {
"gte": "now-1h"
}
}
}
]
}
}
}
}
}
}
},
{
"third": {
"http": {
"request": {
"scheme": "http",
"host": "localhost",
"port": 9200,
"method": "get",
"path": "/_cluster/health",
"params": {},
"headers": {}
}
}
}
}
]
}
},
"condition": {
"compare": {
"ctx.payload.third.status": {
"not_eq": "green"
}
}
},
"actions": {
"notify-slack1": {
"slack": {
"message": {
"to": [
"slack_channel"
],
"text": "Cluster has been in a yellow state for ({{ctx.payload.first.hits.total}}) minutes and a red state for ({{ctx.payload.second.hits.total}}) minutes over the past hour Current status is {{ctx.payload.third.status}}."
}
}
},
"index_payload": {
"transform": {
"script": {
"source": "return [ 'Time': ctx.execution_time, 'cluster_state' : ctx.payload.third.status ]",
"lang": "painless"
}
},
"index": {
"index": "watch_cluster_health",
"doc_type": "_doc"
}
}
}
}```