Watcher with field query error

Hello, I have a problem with a watcher. I need to match documents where the field "monitor.name.keyword" is equal to "01-1-CAV30328203-DATOS-PPAL-2.7G-99.98", but I get an error saying it is an unknown field. I do not know whether the problem is in the condition or somewhere else. Please help; the code is below.

{
  "trigger": {
    "schedule": {
      "interval": "1h"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "agenteallot*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": {
                "range": {
                  "@timestamp": {
                    "gte": "{{ctx.trigger.scheduled_time}}||-5m",
                    "lte": "{{ctx.trigger.scheduled_time}}",
                    "format": "strict_date_optional_time||basic_time_no_millis"
                  }
                }
              }
            }
          },
          "aggs": {
            "bucketAgg": {
            "query":{
                "bool":{"filter":{
                    "term":{
                        "monitor.name.keyword": "01-1-CAV30328203-DATOS-PPAL-2.7G-99.98"
                    }
                
                }
                }
              },
              "aggs": {
                "metricAgg": {
                  "max": {
                    "field": "summary.up"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "ArrayList arr = ctx.payload.aggregations.bucketAgg.buckets; for (int i = 0; i < arr.length; i++) { if (arr[i]['metricAgg'].value >= params.threshold) { return true; } } return false;",
      "lang": "painless",
      "params": {
        "threshold": 0.8
      }
    }
  },
  "actions": {
    "email_1": {
      "email": {
        "profile": "standard",
        "attach_data": {
          "format": "yaml"
        },
        "to": [
          "juan.jaramillo@megadvantage.com",
          "victor.vera@megadvantage.com"
        ],
        "subject": "{{ctx.metadata.name}} {{ctx.payload.results}}",
        "body": {
          "text": """Buen dia, Adjunto registro del reporte.

 ⚠️ALERTA NODO!!! El siguiente enlace perdió la conexión. 

 Estado: Down🔴 

 Nombre del Enlace: {{ctx.payload.results}} 

 🕧Hora: {{ctx.execution_time}}  {{ctx.result.execution_time}}

 Área: Networking 

 🔔Mensaje Alerta: El enlace ha dejado de responder. Responder correo a telecomunicaciones@udistrital.edu.co 

 Ingrese aquí para más información: https://72dfe17217744236af40cc31b704a664.us-central1.gcp.cloud.es.io:9243/s/distrital/app/uptime#"""
        }
      }
    }
  },
  "transform": {
    "script": {
      "source": "HashMap result = new HashMap(); ArrayList arr = ctx.payload.aggregations.bucketAgg.buckets; ArrayList filteredHits = new ArrayList(); for (int i = 0; i < arr.length; i++) { HashMap filteredHit = new HashMap(); filteredHit.key = arr[i].key; filteredHit.value = arr[i]['metricAgg'].value; if (filteredHit.value >= params.threshold) { filteredHits.add(filteredHit); } } result.results = filteredHits; return result;",
      "lang": "painless",
      "params": {
        "threshold": 0.8
      }
    }
  }
}

this is the error...

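To be sure that your query is valid, you should try it outside of Watcher first, by running the same search body directly against the index. It looks to me as if your aggregation definition is wrong: `bucketAgg` has `query` where an aggregation type is expected, and `query` is not an aggregation type. A term restriction like this normally belongs in the request's main `bool` filter, next to the `range` clause. Note also that the condition and transform scripts read `bucketAgg.buckets`, so `bucketAgg` has to be an aggregation that actually returns buckets.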
