Watcher with field query error

Juan_David_Jaramillo · October 14, 2020, 2:34pm

hello, I have a problem with a watcher, I need to find a field and is equal to the value I specify, but I get that is an unknown field and I need the "monitor.name.keyword" is equal to "01-1-CAV30328203-DATOS-PPAL-2.7G-99.98" but I get error, I do not know if the condition or something, please help. here I leave the code.

{
  "trigger": {
    "schedule": {
      "interval": "1h"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "agenteallot*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": {
                "range": {
                  "@timestamp": {
                    "gte": "{{ctx.trigger.scheduled_time}}||-5m",
                    "lte": "{{ctx.trigger.scheduled_time}}",
                    "format": "strict_date_optional_time||basic_time_no_millis"
                  }
                }
              }
            }
          },
          "aggs": {
            "bucketAgg": {
            "query":{
                "bool":{"filter":{
                    "term":{
                        "monitor.name.keyword": "01-1-CAV30328203-DATOS-PPAL-2.7G-99.98"
                    }
                
                }
                }
              },
              "aggs": {
                "metricAgg": {
                  "max": {
                    "field": "summary.up"
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "ArrayList arr = ctx.payload.aggregations.bucketAgg.buckets; for (int i = 0; i < arr.length; i++) { if (arr[i]['metricAgg'].value >= params.threshold) { return true; } } return false;",
      "lang": "painless",
      "params": {
        "threshold": 0.8
      }
    }
  },
  "actions": {
    "email_1": {
      "email": {
        "profile": "standard",
        "attach_data": {
          "format": "yaml"
        },
        "to": [
          "juan.jaramillo@megadvantage.com",
          "victor.vera@megadvantage.com"
        ],
        "subject": "{{ctx.metadata.name}} {{ctx.payload.results}}",
        "body": {
          "text": """Buen dia, Adjunto registro del reporte.

 ⚠️ALERTA NODO!!! El siguiente enlace perdió la conexión. 

 Estado: Down🔴 

 Nombre del Enlace: {{ctx.payload.results}} 

 🕧Hora: {{ctx.execution_time}}  {{ctx.result.execution_time}}

 Área: Networking 

 🔔Mensaje Alerta: El enlace ha dejado de responder. Responder correo a telecomunicaciones@udistrital.edu.co 

 Ingrese aquí para más información: https://72dfe17217744236af40cc31b704a664.us-central1.gcp.cloud.es.io:9243/s/distrital/app/uptime#"""
        }
      }
    }
  },
  "transform": {
    "script": {
      "source": "HashMap result = new HashMap(); ArrayList arr = ctx.payload.aggregations.bucketAgg.buckets; ArrayList filteredHits = new ArrayList(); for (int i = 0; i < arr.length; i++) { HashMap filteredHit = new HashMap(); filteredHit.key = arr[i].key; filteredHit.value = arr[i]['metricAgg'].value; if (filteredHit.value >= params.threshold) { filteredHits.add(filteredHit); } } result.results = filteredHits; return result;",
      "lang": "painless",
      "params": {
        "threshold": 0.8
      }
    }
  }
}

this is the error...

spinscale · October 16, 2020, 1:59pm

In order to be sure that your query is valid, you should try it outside of watcher first. It looks to me as if your aggregation definition is wrong.

system · November 13, 2020, 1:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.