Elasticsearch 观察者转换脚本
Elasticsearch watcher transform script
如何将负载作为输入传递给 ELK watcher 中的 'transform' 进程?我试过以下方式,但它把它们作为字符串传递给 groovy 文件。
"transform": {
"script": {
"file": "error_parser",
"lang": "groovy",
"params": {
"inputval": "{{ctx.payload.aggregations.errorcount.buckets}}"
}
}
}
当我想传递字符串或整数时,我没有遇到任何问题,但遇到了对象问题。有没有办法将它们传递给文件?在这种情况下,我们 return 来自 groovy 脚本的输出值存储在哪里(在类似情况下 'condition' 过程将输出评估为布尔值)?
Groovy内容:
println inputval
return inputval[0].doc_count
执行观察程序时出现以下错误
{{ctx.payload.aggregations.errorcount.buckets}}
[2016-03-22 17:23:08,637][ERROR][watcher.transform.script ] [Hannah Levy] failed to execute [script] transform for [my-watch_2-2016-03-22T21:23:08.617
Z]
ScriptException[failed to run file script [error_parser] using lang [groovy]]; nested: MissingPropertyException[No such property: doc_count for class:
java.lang.String];
at org.elasticsearch.script.groovy.GroovyScriptEngineService$GroovyScript.run(GroovyScriptEngineService.java:318)
at org.elasticsearch.watcher.transform.script.ExecutableScriptTransform.doExecute(ExecutableScriptTransform.java:73)
at org.elasticsearch.watcher.transform.script.ExecutableScriptTransform.execute(ExecutableScriptTransform.java:59)
at org.elasticsearch.watcher.transform.script.ExecutableScriptTransform.execute(ExecutableScriptTransform.java:40)
我很确定你不能这样做:
"inputval": "{{ctx.payload.aggregations.errorcount.buckets}}"
我会在你的脚本中这样做
println ctx.payload.aggregations.errorcount.buckets
return ctx.payload.aggregations.errorcount.buckets[0].doc_count
我会删除脚本部分的参数
如何将负载作为输入传递给 ELK watcher 中的 'transform' 进程?我试过以下方式,但它把它们作为字符串传递给 groovy 文件。
"transform": {
"script": {
"file": "error_parser",
"lang": "groovy",
"params": {
"inputval": "{{ctx.payload.aggregations.errorcount.buckets}}"
}
}
}
当我想传递字符串或整数时,我没有遇到任何问题,但遇到了对象问题。有没有办法将它们传递给文件?在这种情况下,我们 return 来自 groovy 脚本的输出值存储在哪里(在类似情况下 'condition' 过程将输出评估为布尔值)?
Groovy内容:
println inputval
return inputval[0].doc_count
执行观察程序时出现以下错误
{{ctx.payload.aggregations.errorcount.buckets}}
[2016-03-22 17:23:08,637][ERROR][watcher.transform.script ] [Hannah Levy] failed to execute [script] transform for [my-watch_2-2016-03-22T21:23:08.617
Z]
ScriptException[failed to run file script [error_parser] using lang [groovy]]; nested: MissingPropertyException[No such property: doc_count for class:
java.lang.String];
at org.elasticsearch.script.groovy.GroovyScriptEngineService$GroovyScript.run(GroovyScriptEngineService.java:318)
at org.elasticsearch.watcher.transform.script.ExecutableScriptTransform.doExecute(ExecutableScriptTransform.java:73)
at org.elasticsearch.watcher.transform.script.ExecutableScriptTransform.execute(ExecutableScriptTransform.java:59)
at org.elasticsearch.watcher.transform.script.ExecutableScriptTransform.execute(ExecutableScriptTransform.java:40)
我很确定你不能这样做:
"inputval": "{{ctx.payload.aggregations.errorcount.buckets}}"
我会在你的脚本中这样做
println ctx.payload.aggregations.errorcount.buckets
return ctx.payload.aggregations.errorcount.buckets[0].doc_count
我会删除脚本部分的参数