Hello all,
I am trying to create a watcher based on my input query and trying to ingest data in
another index. I have a multilevel output from the query and i am trying to transform that payload.
My input payload looks like this :
"aggregations": {
"Test1": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 134710,
"buckets": [
{
"key": "Saurabh",
"doc_count": 17621,
"Test2": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"key": "1.1.1.1",
"doc_count": 17621,
"aggregation_name": {
"hits": {
"total": {
"value": 17621,
"relation": "eq"
},
"max_score": null,
"hits": [
{
"_index": "index-test",
"_type": "_doc",
"_id": "adsgkasdlljdal",
"_score": null,
"_source": {
event": {
"place": "paris"
}**
},
"sort": [
1582178379000
]
}
]
}
}
}
]
}
}
Now as part of my action ( transform ) i need to get value of _source.event.place and store it in a variable
def document = ['var1': i.key , 'var2': j.key , 'thirdloop': _source.event.place ];
output i am getting is : [var1: 'Saurabh' , var2: '1.1.1.1' , var3: 'empty']
Can anybody help me to extract the fields under _source??