Watcher script error

Elastic Stack Elasticsearch
1

I'm migrating a watch created in ES 2.3 into ES 5.5, it works in ES 2.3, however there's a script error when I tried to run it in ES 5.5

This is the watch:

PUT _xpack/watcher/watch/Duplicate_Cost_Invoice_Watch
{
  "trigger": {
    "schedule": {
      "interval": "7300d"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "costing_requests"
        ],
        "types": [],
        "body": {
          "size": 0,
          "aggs": {
            "duplicateCount": {
              "terms": {
                "field": "costInvoiceNumber",
                "min_doc_count": 2,
                "size": 1000
              },
              "aggs": {
                "duplicateDocuments": {
                  "top_hits": {}
                }
              }
            }
          },
          "query": {
            "range": {
              "@timestamp": {
                "gte": "2017-03-01",
                "lte": "2017-03-20"
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "inline": "return ctx.payload.aggregations.duplicateCount.buckets.size() > 0;"
    }
  },
  "transform": {
    "script": {
      "inline": "def total=0; ctx.payload.aggregations.duplicateCount.buckets.each { total += it.doc_count }; return total;"
    }
  },
  "throttle_period": "7300d",
  "actions": {
    "log": {
      "logging": {
        "level": "info",
        "text": "Total: {{ctx.payload._value}}"
      }
    },
    "notify-slack": {
      "throttle_period": "7300d",
      "slack": {
        "account": "monitoring",
        "message": {
          "from": "Duplicate Cost Invoice Watch PROD",
          "to": [
            "#watchertest"
          ],
          "text": "Duplicate Watch found duplicate cost invoices",
          "icon": ":eyes:",
          "attachments": [
            {
              "color": "danger",
              "title": "Duplicate Cost Invoices found in the costing_requests ELK index",
              "text": "There are a total of {{ctx.payload._value}} record/s from March 1 - 20, 2017 that need to be checked for duplicates"
            }
          ]
        }
      }
    }
  }
}

This is the error I'm getting:

{
  "error": {
    "root_cause": [
      {
        "type": "general_script_exception",
        "reason": "failed to compile script [ScriptException[compile error]; nested: IllegalArgumentException[unexpected token ['{'] was expecting one of [{<EOF>, ';'}].];]"
      }
    ],
    "type": "general_script_exception",
    "reason": "failed to compile script [ScriptException[compile error]; nested: IllegalArgumentException[unexpected token ['{'] was expecting one of [{<EOF>, ';'}].];]"
  },
  "status": 500
}

Any suggestions or help is appreciated.
Thank you.

2

Hey,

the default scripting language in Elasticsearch 5.0 and above is painless, which has a different syntax than groovy, which is the default in Elasticsearch 2.3. Either you convert your script to painless or you use the groovy plugin.

FYI: We changed the default scripting language, because we wanted a secure fast scripting language and thus we wrote our own. You can read more about it at
https://www.elastic.co/guide/en/elasticsearch/reference/master/modules-scripting-painless.html

--Alex

3

Thanks for the link and the information. I'll try this and get back to you.

Cheers!

  • Marge
4

Did this on my elasticsearch.yml file. Did I put the correct syntax? Because I'm still getting the same error :confused:

script.engine.groovy.inline.xpack_watch: true
script.engine.groovy.inline.search: true
5

You have to specify the scripting language you want to use as part of your watch, inside of the script block. Use "lang": "groovy"

--Alex

6

Thanks. It worked! :grin:

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.