Wildcard in ctx.payload fileds

bodi4 · February 1, 2018, 11:48am

Hi there!

I am making a watch with 2 chain searches: [search1, search2]. They differ only in query body and return same fields so I'd like to put it in one watch.

The question is:
How to write multiple conditions, i.e if there is a hit for any search, fire an alarm?
wildcard seems not work, only if write a search name search1 condition works

"condition": {
    "compare": {
      "ctx.payload.*.hits.total": {
        "gt": "0"
      }
    }
  }

If use script with && to concatenate comparisons there is still a problem in Action section,
How to access payload fields {{#ctx.payload.hits.hits}}{{key}}{{/ctx.payload.hits.hits}} for specific (triggered) condition/search?
Or the only way to write 2 similar watches each with it own search?

spinscale · February 7, 2018, 8:50am

Hey,

The compare condition cannot do this, you need to use scripting, i.e. like this (untested on top of my head)

"condition" :{
  "script" : "return ctx.payload.first.hits.total > 0 && ctx.payload.second.hits.total > 0"
}

Hope this helps!

system · March 7, 2018, 8:50am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
"compare" : { "ctx.payload.hits.total" : { "gt" : 5}} is not working Elasticsearch elastic-stack-alerting	5	901	November 30, 2018
Multiple Condition using ctx.execution_time Elasticsearch elastic-stack-alerting	2	809	August 3, 2018
Watcher Kibana : How can i use double condition in a "compare" Elasticsearch elastic-stack-alerting	7	6105	April 4, 2019
Ctx.payload.hits.total.value in condition not working Elasticsearch elastic-stack-alerting	7	4948	September 19, 2019
Multiple script/condition for a watcher Elasticsearch	4	3779	October 9, 2017

Wildcard in ctx.payload fileds

Related topics