Hey,
I'm trying to simulate a custom watcher alert on an index: it creates an index from some aggregations on the given index, adding only the results that pass some threshold. The watcher uses a date histogram on the key.date field. When I use 'day' in the histogram I get results, but when I use 'week' I get 0 results in the compare buckets. I've checked, and the data in my index should still yield bucket results despite the change from day to week.
The watcher:
{
"trigger": {
"schedule": {
"daily": {
"at": [
"08:43"
]
}
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"old-index*"
],
"rest_total_hits_as_int": true,
"body": {
"track_total_hits": true,
"query": {
"bool": {
"filter": [
{
"range": {
"key.date": {
"gte": "now-1d-10w/w",
"lte": "now-1d/w",
"format": "strict_date_optional_time||epoch_millis"
}
}
},
{
"bool": {
"should": [
{
"match_phrase": {
"key.carrier.keyword": "Carrier1"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"match_phrase": {
"key.ConnType.keyword": "All"
}
}
],
"minimum_should_match": 1
}
}
],
"should": [
{
"match_phrase": {
"key.state.keyword": "Columbia"
}
}
],
"minimum_should_match": 1
}
},
"size": 0,
"aggs": {
"Alerts": {
"composite": {
"size": 50000,
"sources": [
{
"states": {
"terms": {
"field": "key.state.keyword"
}
}
},
{
"county": {
"terms": {
"field": "key.county.keyword"
}
}
}
]
},
"aggs": {
"compare": {
"date_histogram": {
"field": "key.date",
"calendar_interval": "week"
},
"aggs": {
"cov": {
"weighted_avg": {
"value": {
"field": "KPIs.cleanRX.MerticRX.values.-116.0"
},
"weight": {
"field": "KPIs.cleanRX.doc_count"
}
}
},
"cov4g": {
"weighted_avg": {
"value": {
"field": "KPIs.cleanRSRP.MerticRSRP.values.-116.0"
},
"weight": {
"field": "KPIs.cleanRSRP.doc_count"
}
}
},
"qual": {
"weighted_avg": {
"value": {
"field": "KPIs.cleanSNR.MerticSNR.values.-2.0"
},
"weight": {
"field": "KPIs.cleanSNR.doc_count"
}
}
},
"bucket_truncate": {
"bucket_sort": {
"from": 10,
"size": 1
}
},
"KeepBad": {
"bucket_selector": {
"buckets_path": {
"Cov": "cov.value",
"Cov4g": "cov4g.value",
"Qual": "qual.value"
},
"script": " ((params.Cov >15) || (params.Cov4g >15) || (params.Qual >15))"
}
}
}
}
}
}
}
}
}
}
},
"condition": {
"array_compare": {
"ctx.payload.aggregations.Alerts.buckets": {
"path": "doc_count",
"gte": {
"value": 10,
"quantifier": "some"
}
}
}
},
"actions": {
"index_payload": {
"transform": {
"script": {
"source": " def documents = ctx.payload.aggregations.Alerts.buckets.stream()\n .map(hit -> [\n \"_id\": hit._id,\n \"body\": hit,\n \"@timestamp\": ctx.trigger.scheduled_time\n ])\n .collect(Collectors.toList());\n return [ \"_doc\" : documents]; \n ",
"lang": "painless"
}
},
"index": {
"index": "roy-try-index"
}
}
}
}
Am I missing something about the date histogram?