Error: Failed evaluating trigger: ctx.results[0].hits.total.value > 0 ^---- HERE

mmercald · May 24, 2024, 5:36pm

Currently we are using opensearch in AWS and I am trying to send alerts to our ticketing system in which the syslog message contains the phrase “PORT_SECURITY-2-PSECURE_VIOLATION”
The first alert came in no problem, but the second alert did not come in

I currently have the internal set to run every minute and the trigger to be ctx.results[0].hits.total.value > 0

How do I resolve the state issue?

pablo · May 31, 2024, 12:02pm

@mmercald I understand that this is a query in the Alerting Monitor.
Have you tested your query? Does the source index exist?

Topic		Replies	Views
Help ! Tigger parase error Alerting configure	3	328	September 25, 2023
Can't view any alerts or findings ( Security Analytics ) Security Analytics	1	31	October 6, 2024
Unable to get `ctx.results` values in trigger action OpenDistro troubleshoot	1	524	February 7, 2023
Unable to get alert - getting Error and Deleted state Security Analytics discuss	1	252	April 30, 2024
How to write trigger condition Alerting troubleshoot	7	11866	December 21, 2022

Error: Failed evaluating trigger: ctx.results[0].hits.total.value > 0 ^---- HERE

Related topics