Watcher advanced scripts

anjana1 · October 6, 2020, 11:45pm

I am using Kibana 7.8 and below is the result of my POST _xpack/watcher/watch/949f7606-97dc-42ce-86b7-ddcf5a77d804/_execute

"result" : {
      "execution_time" : "2020-10-06T23:40:33.976Z",
      "execution_duration" : 11944,
      "input" : {
        "type" : "search",
        "status" : "success",
        "payload" : {
          "_shards" : {
            "total" : 1,
            "failed" : 0,
            "successful" : 1,
            "skipped" : 0
          },
          "hits" : {
            "hits" : [
              {
                "_index" : "apm-retmon",
                "_type" : "_doc",
                "_source" : {
                  "labels.ServiceStatus" : "2",
                  "labels.LatLong" : "41.378197,-81.462354",
                  "labels.StoreNum" : "101",
                  "labels.OrgHier" : {
                    "OrgId" : 1000,
                    "RegsterNum" : "1",
                    "Store" : "101",
                    "Region" : "West",
                    "District" : "1"
                  },```


*****************************************************
I have the below script in my watcher. I am not able to get the value of labels.ServiceStatus using below script . What is the correct syntax.


 ``` "subject": "Watcher Notification",
        "body": {
          "html": "{{#ctx.payload.hits.hits}} {{_source.labels.ServiceStatus}} {{/ctx.payload.hits.hits}}"
        }```

spinscale · October 7, 2020, 7:03am

please take your time to write up a proper question instead of just pasting an incomplete output of an API call.

What is your problem? What is not working as expected? Which version of Elastic Stack are you using? etc...

Just dumping a question will not result in a lot of people helping if they don't get any information about the actual problem.

See also https://www.elastic.co/help

Thanks!

anjana1 · October 7, 2020, 4:09pm

Kibana version : 7.9

Elasticsearch version : 7.9

APM Server version : 7.9

APM Agent language and version : java 1.8

Fresh install or upgraded from other version? fresh install

Is there anything special in your setup? For example, are you using the Logstash or Kafka outputs? Are you using a load balancer in front of the APM Servers? Have you changed index pattern, generated custom templates, changed agent configuration etc. :-no

I am trying to create watcher alert and I am using advanced watcher . I am trying to print values of index pattern fields in my watcher. My question is . can we access those fields by using {{_source.nameofIndexpatternfeild}} .

I tried to use the below in my json watcher email body to display index pattern field and it shows empty. Is this the right syntax to follow?

I hope is question is clear now . sorry for the mix up earlier

"body": {
"html": "{{#ctx.payload.hits.hits}} {{_source.labels.ServiceStatus}} {{/ctx.payload.hits.hits}}"
}

Note: labels.ServiceStatus is my field from index pattern and it is also present in watcher payload as well.

if you want to check my watcher payload it looks as below

     "execution_time" : "2020-10-06T23:40:33.976Z",
     "execution_duration" : 11944,
     "input" : {
       "type" : "search",
       "status" : "success",
       "payload" : {
         "_shards" : {
           "total" : 1,
           "failed" : 0,
           "successful" : 1,
           "skipped" : 0
         },
         "hits" : {
           "hits" : [
             {
               "_index" : "apm-retmon",
               "_type" : "_doc",
               "_source" : {
                 "labels.ServiceStatus" : "2",
                 "labels.LatLong" : "41.378197,-81.462354",
                 "labels.StoreNum" : "101",
                 "labels.OrgHier" : {
                   "OrgId" : 1000,
                   "RegsterNum" : "1",
                   "Store" : "101",
                   "Region" : "West",
                   "District" : "1"
                 },  ```

spinscale · October 8, 2020, 8:33am

Hey,

now, we're talking this helps a lot to identify the problem.

This is due to the way that the mustache template languages interpretes a dot. By using _source.labels.ServiceStatus the JSON structure is assumed as

{
  "_source" : {
    "labels" : {
      "ServiceStatus" : "2"
    }
  }

As this structures does not exist, the field is null. I do not see an immediate workaround with mustache only here.

You can use a painless script and access those fields as ctx.payload.hits.hits[0]._source["labels.ServiceStatus"] and rename them in a transform, so that they are available in a mustache script.

system · November 5, 2020, 8:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.