Hello there,
I have a basic watcher that checks the number of hits for a query and sends an email per hit, i.e. if my query returns 5 hits, I need to be able to send 5 different emails. To loop through the hits in an array, I followed the Elastic documentation link.
But this is throwing an error and not working:
[parse_exception] could not parse action [Test/email_administrator]. unknown action type [foreach]
Below is my watcher script:
{
  "trigger": {
    "schedule": {
      "interval": "7m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "ai-test-*"
        ],
        "types": [],
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "match_phrase": {
                    "Alarms.GenerateSNOW": {
                      "query": "true"
                    }
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-7m"
                    }
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": 0
      }
    }
  },
  "actions": {
    "email_administrator": {
      "foreach": "ctx.payload.hits.hits",
      "max_iterations": 500,
      "email": {
        "profile": "standard",
        "priority": "high",
        "to": [
          "email@email.com"
        ],
        "subject": "{{ctx.payload.hits.total}} Alert(s) Reported",
        "body": {
          "html": "<p>Hello Team,<br> <br>This is to notify you that there is ID(s) found in problem state and needs your immediate attention. <br/> <br> <br> Details: <br/> <font color=\"#008000\">{{#ctx.payload.hits.hits}} Distribution ID: {{_source.Alarms.DistrId}}; Error Message: {{_source.Alarms.RMessage}}; Status: {{_source.Alarms.Status}}; Alarm ID: {{_source.Alarms.AlarmId}}; Destination Network: {{_source.Alarms.DistToNet}}; Destination Node: {{_source.Alarms.DistToNode}} <br> <br> {{/ctx.payload.hits.hits}}</font> <b><br><br>Regards,<br>Team Monitoring<br></P>"
        }
      }
    }
  }
}
Please help.
Thanks,
Rav
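
A per-hit version of the watch above, as an added example that is not part of the original post. It assumes a cluster running Elasticsearch 7.3 or later, the release in which Watcher gained `foreach`; an older release does not know the key and reads it as an action type. Inside a `foreach` action the current array element is exposed as `ctx.payload._value`, so each email renders one hit instead of looping over all of them. The `metadata` note, the `size` value and the shortened subject and body are choices made for this example.

```json
{
  "metadata": {
    "note": "Added example, not the poster's watch. Assumes Elasticsearch 7.3 or later, where Watcher actions accept foreach."
  },
  "trigger": { "schedule": { "interval": "7m" } },
  "input": {
    "search": {
      "request": {
        "indices": [ "ai-test-*" ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 500,
          "query": {
            "bool": {
              "must": [
                { "match_phrase": { "Alarms.GenerateSNOW": { "query": "true" } } },
                { "range": { "@timestamp": { "gte": "now-7m" } } }
              ]
            }
          }
        }
      }
    }
  },
  "condition": { "compare": { "ctx.payload.hits.total": { "gt": 0 } } },
  "actions": {
    "email_administrator": {
      "foreach": "ctx.payload.hits.hits",
      "max_iterations": 500,
      "email": {
        "priority": "high",
        "to": [ "email@email.com" ],
        "subject": "Alert reported for Alarm ID {{ctx.payload._value._source.Alarms.AlarmId}}",
        "body": {
          "html": "<p>Distribution ID: {{ctx.payload._value._source.Alarms.DistrId}}<br>Error Message: {{ctx.payload._value._source.Alarms.RMessage}}<br>Status: {{ctx.payload._value._source.Alarms.Status}}<br>Destination Network: {{ctx.payload._value._source.Alarms.DistToNet}}<br>Destination Node: {{ctx.payload._value._source.Alarms.DistToNode}}</p>"
        }
      }
    }
  }
}
```

A search returns only 10 hits unless `size` is set, so `size` is raised here to match `max_iterations`; without it the action would send at most 10 emails however many documents matched.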