Hello all,
I am able to send notifications of possible anomalies to my slack space. However, I am trying to customize the message to include information surrounding the anomaly such as the [ID, timestamp, typical, actual, record_score, type] etc.
I am trying to create the message from the kibana watcher UI and I currently have this:
Watch {{ctx.metadata.name}} has exceeded the threshold {{ctx.metadata.watcherui.threshold}}
Thank you in advance
the watch execution context contains all those information. If you are unsure what is in there (because it depends on the input and in your example on the search response itself), the easiest way to find out, would be to use the execute watch API. the you can a logging action and just log out the full context via "text" : "{{ctx}}" - this will show you all the data that is available.
Hello,
I am able to get information about ctx but not information by query such as
{{_source.record_score}} or {{fields.timestamp}} or {{_source.typical}} etc.
Let me know if you need the JSON to further understand my problem.
Thank you again,
Alice
Accessing hits data requires you to access the ctx.payload.hits.hits array.
Take a look at the Alerting examples in our examples repo, which makes use of that.
--Alex
The following blogs on ML Scoring and Alerting might be helpful:
If you want detailed information about the record_score, typical, actual, etc you could look at this specific record-based watch example:
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.