Watcher advanced scripts

anjana1 · October 6, 2020, 11:45pm

I am using Kibana 7.8 and below is the result of my POST _xpack/watcher/watch/949f7606-97dc-42ce-86b7-ddcf5a77d804/_execute

"result" : {
      "execution_time" : "2020-10-06T23:40:33.976Z",
      "execution_duration" : 11944,
      "input" : {
        "type" : "search",
        "status" : "success",
        "payload" : {
          "_shards" : {
            "total" : 1,
            "failed" : 0,
            "successful" : 1,
            "skipped" : 0
          },
          "hits" : {
            "hits" : [
              {
                "_index" : "apm-retmon",
                "_type" : "_doc",
                "_source" : {
                  "labels.ServiceStatus" : "2",
                  "labels.LatLong" : "41.378197,-81.462354",
                  "labels.StoreNum" : "101",
                  "labels.OrgHier" : {
                    "OrgId" : 1000,
                    "RegsterNum" : "1",
                    "Store" : "101",
                    "Region" : "West",
                    "District" : "1"
                  },```


*****************************************************
I have the below script in my watcher. I am not able to get the value of labels.ServiceStatus using below script . What is the correct syntax.


 ``` "subject": "Watcher Notification",
        "body": {
          "html": "{{#ctx.payload.hits.hits}} {{_source.labels.ServiceStatus}} {{/ctx.payload.hits.hits}}"
        }```

spinscale · October 7, 2020, 7:03am

please take your time to write up a proper question instead of just pasting an incomplete output of an API call.

What is your problem? What is not working as expected? Which version of Elastic Stack are you using? etc...

Just dumping a question will not result in a lot of people helping if they don't get any information about the actual problem.

See also https://www.elastic.co/help

Thanks!

anjana1 · October 7, 2020, 4:09pm

Kibana version : 7.9

Elasticsearch version : 7.9

APM Server version : 7.9

APM Agent language and version : java 1.8

Fresh install or upgraded from other version? fresh install

Is there anything special in your setup? For example, are you using the Logstash or Kafka outputs? Are you using a load balancer in front of the APM Servers? Have you changed index pattern, generated custom templates, changed agent configuration etc. :-no

I am trying to create watcher alert and I am using advanced watcher . I am trying to print values of index pattern fields in my watcher. My question is . can we access those fields by using {{_source.nameofIndexpatternfeild}} .

I tried to use the below in my json watcher email body to display index pattern field and it shows empty. Is this the right syntax to follow?

I hope is question is clear now . sorry for the mix up earlier

"body": {
"html": "{{#ctx.payload.hits.hits}} {{_source.labels.ServiceStatus}} {{/ctx.payload.hits.hits}}"
}

Note: labels.ServiceStatus is my field from index pattern and it is also present in watcher payload as well.

if you want to check my watcher payload it looks as below

     "execution_time" : "2020-10-06T23:40:33.976Z",
     "execution_duration" : 11944,
     "input" : {
       "type" : "search",
       "status" : "success",
       "payload" : {
         "_shards" : {
           "total" : 1,
           "failed" : 0,
           "successful" : 1,
           "skipped" : 0
         },
         "hits" : {
           "hits" : [
             {
               "_index" : "apm-retmon",
               "_type" : "_doc",
               "_source" : {
                 "labels.ServiceStatus" : "2",
                 "labels.LatLong" : "41.378197,-81.462354",
                 "labels.StoreNum" : "101",
                 "labels.OrgHier" : {
                   "OrgId" : 1000,
                   "RegsterNum" : "1",
                   "Store" : "101",
                   "Region" : "West",
                   "District" : "1"
                 },  ```

spinscale · October 8, 2020, 8:33am

Hey,

now, we're talking this helps a lot to identify the problem.

This is due to the way that the mustache template languages interpretes a dot. By using _source.labels.ServiceStatus the JSON structure is assumed as

{
  "_source" : {
    "labels" : {
      "ServiceStatus" : "2"
    }
  }

As this structures does not exist, the field is null. I do not see an immediate workaround with mustache only here.

You can use a painless script and access those fields as ctx.payload.hits.hits[0]._source["labels.ServiceStatus"] and rename them in a transform, so that they are available in a mustache script.

system · November 5, 2020, 8:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana Watcher using monitoring index Kibana elastic-stack-monitoring , elastic-stack-alerting	13	1563	June 10, 2020
Watcher Assistance (ii) Elasticsearch elastic-stack-alerting	3	443	April 2, 2021
Email notification with source details Elasticsearch elastic-stack-alerting	4	628	May 30, 2018
Watcher payload json array access Kibana elastic-stack-alerting	4	2257	December 26, 2018
How to put the value of {{ctx.payload.aggregations.bucketAgg.buckets}} into Watcher body Kibana	1	394	June 18, 2020

Watcher advanced scripts

Related topics