I am writing trigger condition for user created and deleted within 10 mn. Below is condition , but it is giving compile error {“script”:{ “lang”: “painless”, “source”: “def removes=ctx.payload.aggregations.event_id.buckets.remove.users.buckets.stream().map(p → p.key).collect(Collectors.toList())…

How to write trigger condition

bijeshr December 8, 2020, 1:18am 6

buckets is an array, so something like this works:

ctx.results[0].aggregations.group_by_host.buckets[0].doc_count > 400

2 Likes

Topic		Replies	Views
Trigger on bucket count Alerting	1	1185	February 7, 2023
Alert and trigger Alerting	0	279	July 27, 2022
Alerts - group by host/server Alerting	4	1712	February 14, 2024
Trigger by one of buckets value Alerting troubleshoot , configure	7	2020	February 18, 2022
Group by - Bucket Aggregation in Trigger Condition Alerting	1	594	February 7, 2023