I have built a per-query monitor in open search. This monitor includes specific data filters that are designed to activate an alert message when certain conditions are met. This monitor is fully functional and producing the expected results.
Now I would like to incorporate the message (in bold) field from the source log into the alert message. Below is the actual source log I'll be referring to.
I attempted to retrieve the message field using ctx.results.0, which is an array containing the query result exclusively. Unfortunately, the message field was not included in the results array.
I would be very grateful if someone could kindly provide me with an example of how to accomplish this task.
PradeepMurani
commented
5 months ago
I have built a per-query monitor in open search. This monitor includes specific data filters that are designed to activate an alert message when certain conditions are met. This monitor is fully functional and producing the expected results. Now I would like to incorporate the message (in bold) field from the source log into the alert message. Below is the actual source log I'll be referring to.
{ "@timestamp": "2024-01-31T19:02:47.289Z", "time": "2024-01-31T19:02:47.289739655Z", "stream": "stderr", "logtag": "F", "message": "[31-Jan-2024 19:02:47] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it", "kubernetes": { "pod_name": "XXXXX", "namespace_name": "XXXX", "pod_id": "a4a8b6a5-f829-4b72-99e6-c5305920e43c", "labels": { "app": "XXXX", "pod-template-hash": "675d7d7988", "zone": "XXXX" }, "host": "XXXXXX", "container_name": "web", "docker_id": "a4a8b6a5-f829-4b72-99e6-c5305920e43c", "container_image": "XXXXXXXX" } }
I attempted to retrieve the message field using ctx.results.0, which is an array containing the query result exclusively. Unfortunately, the message field was not included in the results array.
I would be very grateful if someone could kindly provide me with an example of how to accomplish this task.