I have build a watcher on my ES master node. And use email as action, to collect all the error event in last minute.
Then I found there will be dozens of hits in one minute.
Like:
my-watch executed with 19 hits
ctx.payload.hits.hits : {0={_index=..., 1={_index =...,
....
18 ={_index=...
}
Is there a way that I can show only one field(like error message) for each hit?
You can use a tranform to change the payload. Using the script transform you can iterate over the hits and create a new array with only the messages... something along the lines of:
{
"input" : {
"search" : { ... }
},
"condition" : { ... },
"transform" : {
"script" : "return [ 'errors' : ctx.payload.hits.hits.collect { it._source.message } ]"
}
}
The transform above extracts the messages from the hits and the payload is replaced with an array of all the extracted messages (refer to the array in your email template by ctx.payload.errors)
Thanks uboness~ It works.
I never used transform part before, I will see what else I can do to use it.
I would like to send out email to transform the data inside orchestration, how do?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.