Watcher : Extract _source field in transform

Hello all,
I am trying to create a watcher based on my input query and trying to ingest data in
another index. I have a multilevel output from the query and i am trying to transform that payload.

My input payload looks like this :

"aggregations": {
"Test1": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 134710,
"buckets": [
{
"key": "Saurabh",
"doc_count": 17621,
"Test2": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "1.1.1.1",
"doc_count": 17621,
"aggregation_name": {
"hits": {
"total": {
"value": 17621,
"relation": "eq"
},
"max_score": null,
"hits": [
{
"_index": "index-test",
"_type": "_doc",
"_id": "adsgkasdlljdal",
"_score": null,
"_source": {
event": {
"place": "paris"
}**
},
"sort": [
1582178379000
]
}
]
}
}
}
]
}
}

Now as part of my action ( transform ) i need to get value of _source.event.place and store it in a variable

def document = ['var1': i.key , 'var2': j.key , 'thirdloop': _source.event.place ];

output i am getting is : [var1: 'Saurabh' , var2: '1.1.1.1' , var3: 'empty']

Can anybody help me to extract the fields under _source??

This is impossible to answer without more information how your payload looks like.'

Can you provide a sample execute watch API call, with an simple input mimicking your payload and your transform?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.