Xpack watcher payload

jodiaz · February 21, 2019, 10:27pm

Hello,

I was hoping someone was familiar with some of the capabilities of watchers. I have a regex that queries my index and returns a big set of numbers. I now want to run a different regex on the data loaded in the payload instead of it running against my index. I believe this would be a transform however, I am not sure if I'm doing it right. Any help is appreciated.

"transform": {
"search": {
"request": {
"search_type": "query_then_fetch",
"types": ,
"body": {
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "/4[0-9]{14,16}/"
}
}
]
}
}
}
},

Marius_Dragomir · February 22, 2019, 11:54am

@spinscale Can you help here, please?

andres-perez · March 6, 2019, 6:55pm

What you are using, a search transform, is meant to run against the index.
You will need to use a script transform instead and do some programing in painless script to process the payload with the additional regex.

If the regex is only used to check matches (so can evaluate to true or false) and fire an action, then a script condition with the painless script code could be set inside the action.

By the way, if this question is an additional explanation for your other topic Xpack Watcher -- Credit card in logs , both of them should be merged to avoid having partial context spread in different threads for the same problem.

jodiaz · March 7, 2019, 5:38pm

Thank you for the reply. Yes, this is all in regards to the same topic. Not sure how I would merge these. Kinda new to online communities.

system · April 4, 2019, 5:39pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.