I want to alert on error_percent > 9, but I don't know how to reference value under the field in the response.
transactioncount,
errorcount,
error_percent
There are two error_percent fields in your response.
A specific one could be access via ctx.payload.aggregations.project.buckets.0.error_percent or ctx.payload.aggregations.project.buckets.1.error_percent
There are a couple of solutions now. First you could loop over all the results and find the minimum value. Second you could use a min_bucket pipeline agg to get the minimal value and only compare that one.
I finally got it. Problem is the admins put a clunky we front end on watcher which outputs nothing if there is any error, making it very hard to troubleshoot.
This works:
"transform": {
"script": {
"inline": "ctx.payload.aggregations.project.buckets.stream().filter(it -> it.Error_Percent.value > 9).map(it -> ['project_name':it.key,'err_percent':Math.round(it.Error_Percent.value),'errcount':Math.round(it.errorcount.value),'transcount':Math.round(it.transactioncount.value)]).collect(Collectors.toList());",
"lang": "painless"
}
},
...
then I can alert slack
"text": "Below Engines have errors.\n{{#ctx.payload._value}}Project Name: {{project_name}}\tError Percent: {{err_percent}}%\tTransaction Count: {{transcount}}\tError Count: {{errcount}}\n{{/ctx.payload._value}}",
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.