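I've run into a problem: after including the "script_fields" field in my watcher, the data in the ctx.payload object disappears. When the "script_fields" field is not included, the watcher executes fine with the desired output. Do you know why this happens? Ultimately, I just need to parse out some characters of the hostname, so if there is another solution I'm not seeing, please let me know.
Below is my code with the "script_fields" field: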
{
  "trigger": {
    "schedule": {
      "cron": "0 0/1 * * * ?"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "my_index-*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "query_string": {
                    "query": "stack trace",
                    "default_operator": "AND"
                  }
                }
              ],
              "filter": {
                "range": {
                  "@timestamp": {
                    "from": "{{ctx.trigger.scheduled_time}}||-15m",
                    "to": "{{ctx.trigger.triggered_time}}"
                  }
                }
              }
            }
          },
          "script_fields": {
            "field_name": {
              "script": {
                "lang": "painless",
                "source": "doc['hostname.keyword'].value.substring(7,10)"
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gt": 0
      }
    }
  },
  "actions": {
    "email_admin": {
      "throttle_period_in_millis": 900000,
      "email": {
        "profile": "standard",
        "to": [
          "first last <first.last@domain.com>"
        ],
        "subject": "Stack Trace Error(s): {{#ctx.payload.hits.hits}} {{fields.field_name.0}} {{/ctx.payload.hits.hits}}",
        "body": {
          "html": """ <html>
            Hello,
            <br />
            <br />
            There are stack trace errors in the following hosts:
            <br />
            <br />
            {{#ctx.payload.hits.hits}}
            <strong> Host: </strong> {{_source.hostname}} <br />
            <hr /> <br />
            {{/ctx.payload.hits.hits}}
            </html>
          """
        }
      }
    }
  }
}
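The HTML outputs only "Host:", but when the "script_fields" field is removed, it outputs the hostname correctly. Any help would be greatly appreciated. Thanks in advance.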
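Added example, not part of the original post: when a search body specifies `script_fields`, Elasticsearch leaves `_source` out of each hit unless it is requested explicitly, which is why `{{_source.hostname}}` renders empty in the email. The fragment below is the `body` of the watch's search request with `_source` requested alongside the script field. The guard in the Painless script for a missing or short hostname, and its fallback values, are assumptions of this example.

```json
{
  "_source": ["hostname"],
  "query": {
    "bool": {
      "must": [
        {
          "query_string": {
            "query": "stack trace",
            "default_operator": "AND"
          }
        }
      ],
      "filter": {
        "range": {
          "@timestamp": {
            "from": "{{ctx.trigger.scheduled_time}}||-15m",
            "to": "{{ctx.trigger.triggered_time}}"
          }
        }
      }
    }
  },
  "script_fields": {
    "field_name": {
      "script": {
        "lang": "painless",
        "source": "if (doc['hostname.keyword'].size() == 0) { return ''; } String h = doc['hostname.keyword'].value; return h.length() >= 10 ? h.substring(7, 10) : h;"
      }
    }
  }
}
```

With `_source` present in the hits, both `{{_source.hostname}}` and `{{fields.field_name.0}}` resolve inside `{{#ctx.payload.hits.hits}}`.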