Hello,
I've been having trouble creating a watcher. My query has a terms aggregation to aggregate by process, this aggregation has a date_histogram sub-aggregation, which itself has other sub-aggregations for metrics. My goal is to compare the average value of the last bucket of each process with bucket_script value from the same bucket
I've tried many things and I feel this is close to the solution, but I can't get it to work with the bucket_script value, since it can be null:
"aggs": {
"processes": {
"terms": {
"field": "processName.keyword"
},
"aggs": {
"histo": {
"date_histogram": {
"field": "@timestamp",
"interval": "day"
},
"aggs": {
"stats": {
"extended_stats": {
"field": "RobotExecutionTime"
}
},
"movavg_mean": {
"moving_fn": {
"buckets_path": "stats.avg",
"window": 30,
"script": "MovingFunctions.unweightedAvg(values)"
}
},
"movavg_std": {
"moving_fn": {
"buckets_path": "stats.std_deviation",
"window": 30,
"script": "MovingFunctions.unweightedAvg(values)"
}
},
"shewhart_ucl": {
"bucket_script": {
"buckets_path": {
"mean": "movavg_mean.value",
"std": "movavg_std.value"
},
"script": "params.mean + (1 * params.std)"
}
}
}
}
}
}
}
}
}
}
},
"condition": {
"script": {
"source": """
for (def i = 0 ; i < ctx.payload.aggregations.processes.buckets.size() ; i++ )
{
def b = ctx.payload.aggregations.processes.buckets[i];
def lastIndex = b.histo.buckets.size() - 1;
def b2 = b.histo.buckets[lastIndex];
boolean c = b2.shewhart_ucl.isEmpty();
if (!c)
continue;
def result = b2.stats.avg > b2.shewhart_ucl.value;
if (result == true)
{
return true;
}
}
return false;
"""
}
}
When I run the watcher simulation it keeps throwing the following error:
I've tried with shewhart_ucl.isEmpty() and shewart_ucl.value.isNaN() with no success and the same error. I'd really appreciate some help please.