Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): v2.15
Describe the issue:
I try to get infomations about my document of a per bucket alert, but when i try to use ctx.newAlerts.0.sample_documents, it returns nothing.
I did the same thing with per document alert (with ctx.alerts.0.sample_documents) and it works fine, but I need to make the per bucket sample_documents work.
Here is my configuration :
{
"query": {
"bool": {
"must": [
{
"range": {
"ISOTimestamp": {
"from": "now-5d",
"to": "now",
"include_lower": true,
"include_upper": false,
"boost": 1
}
}
}
],
"filter": [
{
"term": {
"status.keyword": {
"value": "KO",
"boost": 1
}
}
}
],
"adjust_pure_negative": true,
"boost": 1
}
},
"_source": {
"includes": [
"component",
"correlationId",
"flux_info1",
"nom_flux_info1",
"flux_info2",
"nom_flux_info2",
"flux_info3",
"nom_flux_info3",
"status_infos",
"idLeanix",
"idExterne",
"process",
"pid",
"codeApplicationSource",
"codeApplicationDestination"
],
"excludes": []
},
"script_fields": {
"has_status_infos": {
"script": {
"source": "doc.containsKey('status_infos.keyword') ? doc['status_infos.keyword'].value : null",
"lang": "painless"
},
"ignore_failure": false
}
},
"aggregations": {
"unique_correlation_ids": {
"terms": {
"field": "correlationId.keyword",
"size": 100000,
"min_doc_count": 1,
"shard_min_doc_count": 0,
"show_term_doc_count_error": false,
"order": [
{
"_count": "desc"
},
{
"_key": "asc"
}
]
}
}
}
}
output :
{
"_shards": {
"total": 4,
"failed": 0,
"successful": 4,
"skipped": 0
},
"hits": {
"hits": [
{
"_index": "logstash-ipaas-flxxxx-2024.07.26",
"_source": {
"process": "[TEST] SUPERVISION - Test Process",
"component": "ipaas",
"idExterne": "LR0000",
"idLeanix": "FLXXXX",
"codeApplicationDestination": "YYYY",
"codeApplicationSource": "XXXX",
"pid": "execution-0e64741c-ef4e-4606-8cf7-d86b75a9b88f-2024.07.26",
"status_infos": null,
"correlationId": "2590421414187479245"
},
"_id": "1",
"_score": 1,
"fields": {
"has_status_infos": [
null
]
}
},
{
"_index": "logstash-ipaas-flxxxx-2024.07.26",
"_source": {
"process": "[TEST] SUPERVISION - Test Process",
"component": "ipaas",
"idExterne": "LR0000",
"idLeanix": "FLXXXX",
"codeApplicationDestination": "YYYY",
"codeApplicationSource": "XXXX",
"pid": "execution-0e64741c-ef4e-4606-8cf7-d86b75a9b88f-2024.07.26",
"status_infos": null,
"correlationId": "2590421414187479246"
},
"_id": "2",
"_score": 1,
"fields": {
"has_status_infos": [
null
]
}
},
{
"_index": "logstash-ipaas-flxxxx-2024.07.26",
"_source": {
"process": "[TEST] SUPERVISION - Test Process",
"component": "ipaas",
"idExterne": "LR0000",
"idLeanix": "FLXXXX",
"codeApplicationDestination": "YYYY",
"codeApplicationSource": "XXXX",
"pid": "execution-0e64741c-ef4e-4606-8cf7-d86b75a9b88f-2024.07.26",
"status_infos": null,
"correlationId": "2590421414187479247"
},
"_id": "3",
"_score": 1,
"fields": {
"has_status_infos": [
null
]
}
},
{
"_index": "logstash-ipaas-flxxxx-2024.07.26",
"_source": {
"process": "[TEST] SUPERVISION - Test Process",
"component": "ipaas",
"idExterne": "LR0000",
"idLeanix": "FLXXXX",
"codeApplicationDestination": "YYYY",
"codeApplicationSource": "XXXX",
"pid": "execution-0e64741c-ef4e-4606-8cf7-d86b75a9b88f-2024.07.26",
"status_infos": null,
"correlationId": "2590421414187479248"
},
"_id": "4",
"_score": 1,
"fields": {
"has_status_infos": [
null
]
}
},
{
"_index": "logstash-ipaas-flxxxx-2024.07.26",
"_source": {
"process": "[TEST] SUPERVISION - Test Process",
"component": "ipaas",
"idExterne": "LR0000",
"idLeanix": "FLXXXX",
"codeApplicationDestination": "YYYY",
"codeApplicationSource": "XXXX",
"pid": "execution-0e64741c-ef4e-4606-8cf7-d86b75a9b88f-2024.07.26",
"status_infos": null,
"correlationId": "2590421414187479250"
},
"_id": "5",
"_score": 1,
"fields": {
"has_status_infos": [
null
]
}
},
{
"_index": "logstash-ipaas-flxxxx-2024.07.26",
"_source": {
"process": "[TEST] SUPERVISION - Test Process",
"component": "ipaas",
"idExterne": "LR0000",
"idLeanix": "FLXXXX",
"codeApplicationDestination": "YYYY",
"codeApplicationSource": "XXXX",
"pid": "execution-0e64741c-ef4e-4606-8cf7-d86b75a9b88f-2024.07.26",
"status_infos": null,
"correlationId": "2590421414187479251"
},
"_id": "6",
"_score": 1,
"fields": {
"has_status_infos": [
null
]
}
},
{
"_index": "logstash-ipaas-flxxxx-2024.07.26",
"_source": {
"process": "[TEST] SUPERVISION - Test Process",
"component": "ipaas",
"idExterne": "LR0000",
"idLeanix": "FLXXXX",
"codeApplicationDestination": "YYYY",
"codeApplicationSource": "XXXX",
"pid": "execution-0e64741c-ef4e-4606-8cf7-d86b75a9b88f-2024.07.26",
"status_infos": null,
"correlationId": "2590421414187479254"
},
"_id": "9",
"_score": 1,
"fields": {
"has_status_infos": [
null
]
}
},
{
"_index": "logstash-ipaas-flxxxx-2024.07.26",
"_source": {
"process": "[TEST] SUPERVISION - Test Process",
"component": "ipaas",
"idExterne": "LR0000",
"idLeanix": "FLXXXX",
"codeApplicationDestination": "YYYY",
"codeApplicationSource": "XXXX",
"pid": "execution-0e64741c-ef4e-4606-8cf7-d86b75a9b88f-2024.07.26",
"status_infos": null,
"correlationId": "2590421414187479255"
},
"_id": "10",
"_score": 1,
"fields": {
"has_status_infos": [
null
]
}
},
{
"_index": "logstash-ipaas-flxxxx-2024.07.26",
"_source": {
"process": "[TEST] SUPERVISION - Test Process",
"component": "ipaas",
"idExterne": "LR0000",
"idLeanix": "FLXXXX",
"codeApplicationDestination": "YYYY",
"codeApplicationSource": "XXXX",
"pid": "execution-0e64741c-ef4e-4606-8cf7-d86b75a9b88f-2024.07.26",
"status_infos": null,
"correlationId": "2590421414187479256"
},
"_id": "11",
"_score": 1,
"fields": {
"has_status_infos": [
null
]
}
},
{
"_index": "logstash-ipaas-flxxxx-2024.07.26",
"_source": {
"process": "[TEST] SUPERVISION - Test Process",
"component": "ipaas",
"idExterne": "LR0000",
"idLeanix": "FLXXXX",
"codeApplicationDestination": "YYYY",
"codeApplicationSource": "XXXX",
"pid": "execution-0e64741c-ef4e-4606-8cf7-d86b75a9b88f-2024.07.26",
"status_infos": null,
"correlationId": "2590421414187479257"
},
"_id": "12",
"_score": 1,
"fields": {
"has_status_infos": [
null
]
}
}
],
"total": {
"value": 17,
"relation": "eq"
},
"max_score": 1
},
"took": 10,
"timed_out": false,
"aggregations": {
"unique_correlation_ids": {
"doc_count_error_upper_bound": 0,
"sum_other_doc_count": 0,
"buckets": [
{
"doc_count": 2,
"key": "2590421414187479292"
},
{
"doc_count": 1,
"key": "2590421414187479245"
},
{
"doc_count": 1,
"key": "2590421414187479246"
},
{
"doc_count": 1,
"key": "2590421414187479247"
},
{
"doc_count": 1,
"key": "2590421414187479248"
},
{
"doc_count": 1,
"key": "2590421414187479250"
},
{
"doc_count": 1,
"key": "2590421414187479251"
},
{
"doc_count": 1,
"key": "2590421414187479252"
},
{
"doc_count": 1,
"key": "2590421414187479253"
},
{
"doc_count": 1,
"key": "2590421414187479254"
},
{
"doc_count": 1,
"key": "2590421414187479255"
},
{
"doc_count": 1,
"key": "2590421414187479256"
},
{
"doc_count": 1,
"key": "2590421414187479257"
},
{
"doc_count": 1,
"key": "259042141418747928"
},
{
"doc_count": 1,
"key": "259042141418747929"
},
{
"doc_count": 1,
"key": "2590421414187479296"
}
]
}
}
}
Trigger condition :
{
"buckets_path": {
"count_var": "_count"
},
"parent_bucket_path": "unique_correlation_ids",
"script": {
"source": "params.count_var > 0",
"lang": "painless"
},
"gap_policy": "skip"
}
Response :
[
{
"doc_count": 2,
"key": "2590421414187479292"
},
{
"doc_count": 1,
"key": "2590421414187479245"
},
{
"doc_count": 1,
"key": "2590421414187479246"
},
{
"doc_count": 1,
"key": "2590421414187479247"
},
{
"doc_count": 1,
"key": "2590421414187479248"
},
{
"doc_count": 1,
"key": "2590421414187479250"
},
{
"doc_count": 1,
"key": "2590421414187479251"
},
{
"doc_count": 1,
"key": "2590421414187479252"
},
{
"doc_count": 1,
"key": "2590421414187479253"
},
{
"doc_count": 1,
"key": "2590421414187479254"
},
{
"doc_count": 1,
"key": "2590421414187479255"
},
{
"doc_count": 1,
"key": "2590421414187479256"
},
{
"doc_count": 1,
"key": "2590421414187479257"
},
{
"doc_count": 1,
"key": "259042141418747928"
},
{
"doc_count": 1,
"key": "259042141418747929"
},
{
"doc_count": 1,
"key": "2590421414187479296"
}
]
Message Alert :
{{#ctx.newAlerts}}
{{#sample_documents}}
{"correlationId" :
"{{_source.correlationId}}"
}
{{/sample_documents}}
{{/ctx.newAlerts}}