Please help me I need to message after trigger is done
not only value like this
return ctx.results[0].aggregations.when.value == null ? false : ctx.results[0].aggregations.when.value > 1000
but also contents of fields of query resulting dataset from monitor
from which this trigger made alert
how to do this how to show which response was
when I use discover with the same query i see
the result of the dataset of strings that caused this trigger to act
but how to do this programmatically to show all resulting datasets with fields in monitor
as we see for example in SQL query result
Correct me if I’ve misunderstood but it looks like you want both the Trigger condition source and the query results the Trigger evaluated on in your Alert message?
The query results will be available as ctx.results[0] in the message mustache template. As for the Trigger condition source it’s supposed to be something like ctx.monitor.inputs.search.query but is currently not supported. This is a discrepancy captured in this GitHub issue and we do plan on supporting it.