Triggers for anomaly detection

OpenSearch version: 2.11.1

I have created a monitor to send alerts to my custom webhook whenever an anomaly is triggered. I am sending a JSON to my webhook that includes information about the latest trigger. In my detector, I have used “client.ip.keyword” as a categorical field. Whenever there is an anomaly, it shows which client IP it belongs to. I want to include this value for the triggered anomaly in the JSON that I am sending. For this I am writing the following message:

{
"text": "Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue.",
"Trigger": "{{ctx.trigger.name}}",
"Severity": "{{ctx.trigger.severity}}",
"Period start": "{{ctx.periodStart}}",
"Period end": "{{ctx.periodEnd}}",
"client.ip.keyword": "{{ctx.results[0]._source.client.ip.keyword}}"
}

But, in the response “client.ip.keyword” has no value.
