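Elasticsearch Watcher transform script

Time: 2016-03-22 21:59:13

Tags: elasticsearch groovy elasticsearch-watcher

How do I pass the payload as input to the 'transform' process of the ELK Watcher? I tried the following, but it passes them as a string to the groovy file.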

"transform": {
   "script": {
     "file": "error_parser",
     "lang": "groovy",
     "params": {
       "inputval": "{{ctx.payload.aggregations.errorcount.buckets}}"
     }
   }
 }

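I have no problem when I want to pass a string or an integer, but I do with objects. Is there a way to pass them to the file? And in this case, where is the output value returned from the groovy script stored (the 'condition' process evaluates the output as a boolean in a similar situation)?

Groovy content: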

println inputval
return inputval[0].doc_count

I get the following error when the watcher executes

{{ctx.payload.aggregations.errorcount.buckets}}
[2016-03-22 17:23:08,637][ERROR][watcher.transform.script ] [Hannah Levy] failed to execute [script] transform for [my-watch_2-2016-03-22T21:23:08.617
Z]
ScriptException[failed to run file script [error_parser] using lang [groovy]]; nested: MissingPropertyException[No such property: doc_count for class:
 java.lang.String];
        at org.elasticsearch.script.groovy.GroovyScriptEngineService$GroovyScript.run(GroovyScriptEngineService.java:318)
        at org.elasticsearch.watcher.transform.script.ExecutableScriptTransform.doExecute(ExecutableScriptTransform.java:73)
        at org.elasticsearch.watcher.transform.script.ExecutableScriptTransform.execute(ExecutableScriptTransform.java:59)
        at org.elasticsearch.watcher.transform.script.ExecutableScriptTransform.execute(ExecutableScriptTransform.java:40)

1 answer:

Answer 0: (score: 0)

I'm pretty sure you can't do this:

"inputval": "{{ctx.payload.aggregations.errorcount.buckets}}"

I would do this in your script

println ctx.payload.aggregations.errorcount.buckets
return ctx.payload.aggregations.errorcount.buckets[0].doc_count

I would remove the params from the script section
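
An added example, not part of the original question or answer: a version of the `error_parser` file script that reads the buckets from `ctx` directly, guards against an empty bucket list, and returns a map, which Watcher uses as the new payload (a non-map return value is stored under `ctx.payload._value`). The sample context and the `error_count` / `bucket_count` keys are constructed for illustration; Watcher supplies the real `ctx` when the watch executes.

```groovy
// error_parser.groovy -- illustrative file script for a Watcher script transform.
// No "params" are needed in the watch definition: the execution context is
// already bound as `ctx`, with the payload as real maps and lists, not strings.

// Constructed sample, used only when the script runs outside Watcher (no `ctx`
// binding). It mirrors the shape of the aggregation in the question.
def sampleCtx = [payload: [aggregations: [errorcount: [buckets: [
    [key: 'ERROR', doc_count: 42],   // constructed values
    [key: 'FATAL', doc_count: 3]
]]]]]
def watchCtx = binding.hasVariable('ctx') ? binding.getVariable('ctx') : sampleCtx

// Null-safe navigation: when the aggregation matched nothing the bucket list is
// empty, buckets[0] is null, and buckets[0].doc_count would throw.
def buckets = watchCtx.payload?.aggregations?.errorcount?.buckets ?: []
def firstCount = buckets ? buckets[0].doc_count : 0

// A returned map replaces the payload, so later stages of the watch can read
// ctx.payload.error_count and ctx.payload.bucket_count.
return [error_count: firstCount, bucket_count: buckets.size()]
```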