Trying to get the result from bucket_script to use in the transform section - specifically v = params.value
//
{
"trigger": {
"schedule": {
"intervel": "15m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": ["index-name"],
"rest_total_hits_as_int": true,
"body": {
"size":0,
"query": {
"bool": {
"must":[
A COUPLE of QUERY strings that work to get us the data we need]
}
},
"aggs": {
"hosts": {
"terms": {
"field": "date-field", ------ one of our fields ------
"order": {"_count": "desc"}
},
"aggs": {
"timeseries": {
"auto_date_histogram": {
"field": "timestamp",
"buckets": 1
},
"aggs": {
"numerator": {
"filter": {
"bool": {
"must": [
{
"query_string": {
"query": " data from 1 of our fields"
}
}
],
"filter": ,
"should": ,
"must_not":
}
},
"aggs": {
"metric": {
"max": {
"field": "value"
}
}
}
},
"denominator": {
"filter": {
"bool": {
"must": [
{
"query_string": {
"query": " data from 1 of our fields"
}
}
],
"filter": ,
"should": ,
"must_not":
}
},
"aggs": {
"metric": {
"max": {
"field": "value"
}
}
}
},
"percentage": {
"bucket_script": {
"buckets_path": {
"numerator": "numerator>metric",
"denominator": "denominator>metric"
},
"script": "params.numerator / params.denominator * 100"
}
}
}
}
}
}
}
}
}
}
},
"conditions": {
"always": ()
},
"actions": {
"logstash_webhook": {
"foreach": "ctx.payload.docs",
"max_iterations": 500,
"webhook": {
SOME PORT-Host information
"body": "{{#toJson}}ctx.payload{{toJson}}"
}
}
},
"transform": {
"script": {
"source": "def docs={}; for(bucket in ctx.payload.aggregations.hosts.buckets){ def color_1='green';def val_1=1; def v= params.value; def tt_1 = 'Memory Usage is'+v;
if(Double.parseDouble(v)>70){ color_1='yellow'; val_1=2; }if(Double.parseDouble(v)>=80){color_1='red'; val_1=3; } return ['docs': docs];",
"lang": "painless"
}
}
}