I am able to send notifications of possible anomalies to my Slack space. However, I am trying to customize the message to include information surrounding the anomaly such as the [ID, timestamp, typical, actual, record_score, type] etc.
I am trying to create the message from the Kibana Watcher UI and I currently have this:
Watch {{ctx.metadata.name}} has exceeded the threshold {{ctx.metadata.watcherui.threshold}}
The watch execution context contains all that information. If you are unsure what is in there (because it depends on the input and, in your example, on the search response itself), the easiest way to find out would be to use the execute watch API. Then you can add a logging action and just log out the full context via "text" : "{{ctx}}" - this will show you all the data that is available.
I am able to get information about ctx but not information by query such as
{{_source.record_score}} or {{fields.timestamp}} or {{_source.typical}} etc.
Let me know if you need the JSON to further understand my problem.
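The approach described above, as an added example that is not part of the original thread: a request body for the execute watch API (`POST _watcher/watch/_execute`) with one logging action that dumps the whole context and a second that reads per-hit fields by iterating over `ctx.payload.hits.hits`, which is where a search input puts its hits. It assumes an advanced (JSON) watch with a search input over the ML results indices; the score threshold, time range, result size and action names are constructed for illustration.

```json
{
  "watch": {
    "trigger": { "schedule": { "interval": "5m" } },
    "input": {
      "search": {
        "request": {
          "indices": [ ".ml-anomalies-*" ],
          "body": {
            "size": 5,
            "query": {
              "bool": {
                "filter": [
                  { "term": { "result_type": "record" } },
                  { "range": { "record_score": { "gte": 75 } } },
                  { "range": { "timestamp": { "gte": "now-30m" } } }
                ]
              }
            },
            "sort": [ { "record_score": { "order": "desc" } } ]
          }
        }
      }
    },
    "condition": { "always": {} },
    "actions": {
      "dump_context": {
        "logging": { "text": "{{ctx}}" }
      },
      "log_records": {
        "logging": {
          "text": "{{#ctx.payload.hits.hits}}job={{_source.job_id}} ts={{_source.timestamp}} score={{_source.record_score}} typical={{_source.typical}} actual={{_source.actual}}\n{{/ctx.payload.hits.hits}}"
        }
      }
    }
  }
}
```

`{{_source.record_score}}` resolves only inside the `{{#ctx.payload.hits.hits}}` section, because the template is rendered against the top-level model that contains `ctx`; the same text string can be used as the `text` of a Slack action message.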