使用groovy将手表elasticsearch输出转换为json

时间:2017-04-17 09:27:47

标签: json elasticsearch groovy kibana

我想将 payload.hits.hits 转换为elasticsearch观察器输出中的json。我找到了一个解决方案groovy transform script:

PUT _watcher/watch/error_alert
{
"trigger": {
  "schedule": {
  "interval": "1m"
}
},
"input": {
"search": {
  "request": {
    "body": {
      "query": {
        "bool": {
          "must": [
            {
              "query_string": {
                "default_field": "message",
                "query": "ERROR"
              }
            },
            {
              "range": {
                "@timestamp": {
                  "gte": "now-1m",
                  "lte": "now"
                }
              }
            }
          ]
        }
      }
    }
  }
}
},
"condition": {
  "compare": {
    "ctx.payload.hits.total": {
      "gt": 0
  }
 }
 },
"transform" : {
    "script" : "return [ body:  groovy.json.JsonOutput.toJson(ctx.payload.hits.hits)]"
},
"actions": {
"some_webhook": {
  "webhook": {
    "method": "POST",
    "host": "*.*.*.*",
    "port": 4000,
    "path": "/sms",
    "headers": {
      "Content-Type": "application/json"
    },
    "body": "message: {{ctx.payload.body}}"
  }
}
}
}

此请求返回此异常:

    "type": "general_script_exception",
    "reason": "failed to compile script [ScriptException[compile error]; nested: IllegalArgumentException[Variable [body] is not defined.];]"

我尝试了许多其他解决方案,但它似乎适用于除我之外的大多数人!

我用:

  • Elasticsearch 5.3.0
  • Kibana 5.0.2

有人可以帮助我!

1 个答案:

答案 0 :(得分:0)

看起来像json中的语法问题。 

"return [ body:  groovy.json.JsonOutput.toJson(ctx.payload.hits.hits)]"

尝试

"return { 'body':  JsonOutput.toJson(ctx.payload.hits.hits)}"
相关问题
最新问题