Watcher action logging when condition array_compare

Jo_De_Troy · July 6, 2018, 12:24pm

Hello,

I've created a watch with a search creating buckets and an array_compare condition.
I'd like to have an action that logs only the array elements where the condition is met.
Like below:
"condition": {
"array_compare": {
"ctx.payload.aggregations.by_host.buckets": {
"path": "averageResponseDuration",
"gt": {
"value": "200.",
"quantifier": "some"
}
}
}
},
"actions": {
"my-logging-action": {
"logging": {
"level": "info",
"text": "For {{ctx.payload.aggregations.by_host.buckets.key}} averageresponseDuration in too high. Threshold is 200."
}
}
}

But I don't know how I need to write the action logging text to only show the elements of the buckets that meet the condition, What is the best way to get this? Are there any alternatives possible?

Thx
Jo

spinscale · July 6, 2018, 12:31pm

Two possibilities: First you write a script transform in the watch, that filters for those buckets. Or, second, you write a bucket_selector pipeline aggregation, see https://www.elastic.co/guide/en/elasticsearch/reference/6.3/search-aggregations-pipeline-bucket-selector-aggregation.html#search-aggregations-pipeline-bucket-selector-aggregation

system · August 3, 2018, 12:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Watcher: getting items into array with condition met Elasticsearch	2	773	September 11, 2017
Unknown condition type [array_compare]]; Elasticsearch elastic-stack-alerting	4	1386	July 6, 2017
How to compare two aggregation output in watcher in condition Elasticsearch elastic-stack-alerting	3	1777	March 15, 2019
Getting only items from "array_compare" condition is met Elasticsearch elastic-stack-alerting	5	1321	April 25, 2018
No alert form array results Elasticsearch elastic-stack-alerting	14	3012	July 6, 2017

Watcher action logging when condition array_compare

Related topics