Alert monitor in make query in script more than (50) value to get data

hello
i am using latest version of opensearch
this is my alert monitor in Extraction query editor i want get only usage_percentage value more than → 50 how to make query like this

{
  "size": 1,
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "time": {
              "gte": "now-10m",
              "lt": "now"
            }
          }
        },
        {
          "terms": {
            "name.keyword": [
              "kube_node_cpu_usage",
              "kube_node_allocatable_cpu"
            ]
          }
        }
      ]
    }
  },
  "aggs": {
    "group_by_time": {
      "date_histogram": {
        "field": "time",
        "fixed_interval": "1s", 
        "min_doc_count": 1
      },
      "aggs": {
        "by_name": {
          "terms": {
            "field": "name.keyword"
          },
          "aggs": {
            "sum_values": {
              "sum": {
                "field": "value"
              }
            }
          }
        },
        "usage_percentage": {
          "bucket_script": {
            "buckets_path": {
              "cpu_usage": "by_name['kube_node_cpu_usage']>sum_values",
              "allocatable_cpu": "by_name['kube_node_allocatable_cpu']>sum_values"
            },
            "script": "params.allocatable_cpu > 0 ? (params.cpu_usage / params.allocatable_cpu) * 100 : 0 "
          }
        }
      }
    }
  }

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.