Hi team,
I have written a watch script where I need to pass the total hits value from an es search query and also a variable that I have created using transform. I have referred the following link for this -- Watcher: Multiple transforms
Below is the script --
{
"trigger": {
"schedule": {
"interval": "2h"
}
},
"input": {
"search": {
"request": {
"body": {
"size": 1000,
"query": {
"bool": {
"must": [],
"filter": [
{
"match_all": {}
},
{
"range": {
"response_time": {
"gte": 70,
"lt": null
}
}
},
{
"match_phrase": {
"field": "abc"
}
},
{
"range": {
"response_datetime": {
"gte": "{{ctx.trigger.scheduled_time}}||-2h",
"lte": "{{ctx.trigger.scheduled_time}}",
"format": "strict_date_optional_time||epoch_millis"
}
}
}
],
"should": [],
"must_not": []
}
}
},
"indices": [
"test"
]
}
}
},
"condition": {
"script": {
"source": "if (ctx.payload.hits.total >= params.threshold) { return true; } return false;",
"params": {
"threshold": 5
}
}
},
"transform": {
"script": {
"source": """
def map = [:]
map.beginTime = Instant.ofEpochMilli(ctx.trigger.scheduled_time.getMillis()).minusSeconds(3600);
map.no_of_txns = ctx.payload.hits.total;
return map
"""
}
},
"actions": {
"email_admin": {
"email": {
"profile": "standard",
"from": "from_email@xyz.com",
"to": ["my_email@abcd.com"],
"subject": "Test Alert : Incident happened between {{ctx.payload.beginTime}} and {{ctx.trigger.scheduled_time}}",
"body": {
"html": "total count {{ctx.payload.no_of_txns}}"
}
}
}
}
}
Getting the below error while I'm simulating the script.
I'm new to painless. Can anyone please help me to identify what I'm doing wrong?
Regards,
Souvik