Hi,
I'd like to use every hit of the first result as a parameter for the second search, and then start an action after checking a condition.
What I mean:
    for result1 in first_search_results:
        for result2 in second_search_results:
            if result1.some_field == result2.some_field:
                counter += 1
            endif
        endfor
        if counter == 0:
            do some_action
        endif
        counter = 0
    endfor
Is it possible to do?
Watcher has chained inputs, and you can pass something from the results of the first input chain into a subsequent input chain (i.e. perhaps you want to query something in the 2nd search that filters (and only matches) some attribute from the 1st search results).
You can then use code in a transform block to compare any aspect of the output of the input chains and/or calculate some net result.
See a few examples:
Chain inputs: insight_watch.json · GitHub
Transform code: Alert only on 3 consecutive anomalies above a certain summed score · GitHub
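The loop from the question, expressed as a watch with a chain input and a Painless script condition. This is an added example, not taken from the linked gists or from either poster: the index names `first-index` and `second-index`, the field `some_field`, the `@timestamp` window and the 5-minute schedule are placeholder assumptions. Both searches return the distinct values of the field as terms buckets, and the condition collects every value from the first search that has no counterpart in the second.

```json
{
  "metadata": { "note": "Added example. first-index, second-index and some_field are placeholders." },
  "trigger": { "schedule": { "interval": "5m" } },
  "input": {
    "chain": {
      "inputs": [
        { "first": { "search": { "request": {
          "indices": ["first-index"],
          "body": {
            "size": 0,
            "query": { "range": { "@timestamp": { "gte": "now-5m" } } },
            "aggs": { "keys": { "terms": { "field": "some_field", "size": 1000 } } }
          }
        } } } },
        { "second": { "search": { "request": {
          "indices": ["second-index"],
          "body": {
            "size": 0,
            "query": { "range": { "@timestamp": { "gte": "now-5m" } } },
            "aggs": { "keys": { "terms": { "field": "some_field", "size": 1000 } } }
          }
        } } } }
      ]
    }
  },
  "condition": {
    "script": {
      "lang": "painless",
      "source": "def seen = new HashSet(); for (def b : ctx.payload.second.aggregations.keys.buckets) { seen.add(b.key); } ctx.vars.missing = new ArrayList(); for (def b : ctx.payload.first.aggregations.keys.buckets) { if (!seen.contains(b.key)) { ctx.vars.missing.add(b.key); } } return !ctx.vars.missing.isEmpty();"
    }
  },
  "actions": {
    "report_unmatched": {
      "logging": { "text": "some_field values with no match in second-index: {{ctx.vars.missing}}" }
    }
  }
}
```

Only the top 1000 terms of each search are compared, so a field with more distinct values per window needs a larger `size` or a narrower query, otherwise values can be reported as unmatched when they are merely truncated.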