I am currently facing an issue while attempting to create a monitor using the Per Query Monitor along with the Extraction Query Editor in OpenSearch. The problem revolves around an unexpected behavior where the ctx variable, which should contain the results of my extraction query, appears to be empty despite having matching documents.
Extraction Query:
{
  "size": 2,
  "_source": {
    "includes": ["stream"]
  },
  "query": {
    "match_all": {}
  }
}
Results from Extraction Query:
{
  "_shards": {
    "total": 100,
    "failed": 0,
    "successful": 100,
    "skipped": 0
  },
  "hits": {
    "hits": [
      {
        "_index": "fluent-bit-2023.10.23",
        "_type": "_doc",
        "_source": {
          "stream": "stderr"
        },
        "_id": "ekQeXIsB435SyzO_uELE",
        "_score": 1
      },
      {
        "_index": "fluent-bit-2023.10.23",
        "_type": "_doc",
        "_source": {
          "stream": "stderr"
        },
        "_id": "e0QeXIsB435SyzO_uELF",
        "_score": 1
      }
    ],
    "total": {
      "value": 10000,
      "relation": "gte"
    },
    "max_score": 1
  },
  "took": 68,
  "timed_out": false
}
Despite having matching documents for the specified query, the ctx variable in the monitoring setup returns empty results. This behavior is unexpected and is preventing the successful setup of triggers and notification messages based on the extraction query.