Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
es version 7.10.2
Describe the issue:
"I am using OpenSearch with a custom DSL statement for alert monitoring. After aggregating the data, I need to monitor the ratio of failures to the total count and set up triggers based on this ratio. However, I am facing issues when using the trigger condition, and it is not parsing successfully. Do you have any suggestions or strategies to handle this situation?
Below is the result of my DSL query:
jsonCopy code
"aggregations": {
"hourly_counts": {
"buckets": [
{
"key_as_string": "2023-07-26T01:00:00.000Z",
"doc_count": 796,
"success_count": {
"doc_count": 796
},
"failure_count": {
"doc_count": 89
},
"key": 1690333200000
},
{
"key_as_string": "2023-07-26T02:00:00.000Z",
"doc_count": 6146,
"success_count": {
"doc_count": 6146
},
"failure_count": {
"doc_count": 399
},
"key": 1690336800000
}
]
}
}
This is my trigger condition:
jsonCopy code
{
"buckets_path": {
"doc_count": "_count"
},
"parent_bucket_path": "hourly_counts",
"script": {
"source": "params.doc_count > 0",
"lang": "painless"
},
"gap_policy": "skip"
}
And this is the error returned by the trigger:
vbnetCopy code
Unexpected format for key in bucket [{key_as_string=2023-07-26T01:00:00.000Z, doc_count=787, success_count={doc_count=787}, failure_count={doc_count=88}, key=1690333200000}]