Kibana Alerting - Access Terms and use Count in Trigger Condition

I want to score based on the count of certain event_ids, how can i do that, below is what i have got so far.

Below is my extraction query which gets all the event with log.level = error

{
“query”: {
“bool”: {
“must”: [
{
“match”: {
“log.level”: {
“query”: “error”,
“operator”: “OR”,
“prefix_length”: 0,
“max_expansions”: 50,
“fuzzy_transpositions”: true,
“lenient”: false,
“zero_terms_query”: “NONE”,
“auto_generate_synonyms_phrase_query”: true,
“boost”: 1
}
}
},
{
“range”: {
“@timestamp”: {
“from”: “now-5d”,
“to”: null,
“include_lower”: true,
“include_upper”: true,
“boost”: 1
}
}
}
],
“adjust_pure_negative”: true,
“boost”: 1
}
},
“sort”: [
{
“@timestamp”: {
“order”: “desc”
}
}
]
}

Next I want to score them using trigger condition:
Example:
If total count of winlog.event_id == “1002” greater or equal to 20 then score += 10
If total count of winlog.event_id == “1000” greater or equal to 20 then score += 1

How can i use count and also access winlog.event_id ? As i am getting an error (PFA snippet)

Kibana_trigger_condition1269×741 41.6 KB

Trigger Condition:

int score = 0;
for (int i = 0; i < ctx.results[0].hits.hits.length; i++) {

// Application Hang
if (ctx.results[0].hits.hits[i].winlog.event_id == “1002”) {
score += 10;
// Application Error
} else if (ctx.results[0].hits.hits[i].winlog.event_id == “1000”) {
score += 1;
}
}
if (score > 99) {
return true;
} else {
return false;
}

I tried adding ._source. I am getting false instead of true as i know there are events with event_id == “1002”!! Please advise.
if (ctx.results[0].hits.hits[i]._source.winlog.event_id == “1002”) {
score += 10;
// Application Error
} else if (ctx.results[0].hits.hits[i]._source.winlog.event_id == “1000”) {
score += 1;
}

Resolved, did not realize event_id is not a string, removing double quotes fixed it.