I'm trying to configure an Elasticsearch Watcher Watch to alert on certain messages, but I'm unable to get my search input to work.
I tried using both Sense and elasticsearch-watcher-py, but Watcher always returns a "parse_exception".
est.watcher.put_watch(
id='a1b_error',
body={
# run the watch every night at midnight
'trigger': { 'schedule': { 'daily': { 'at': 'midnight' }}},
'condition': { 'script': { 'inline': 'ctx.payload.hits.total > 0' } },
'input': {
'search': {
'requests': {
'indices': ['logstash-*'],
'body': {
'query': {
'bool': {
'must': [
{ 'match': { 'Projekt': 'ourproject' }},
{ 'match': { 'Modus': 'production' }},
{ 'match': { 'facility': 'somebackend.log' }},
{ 'wildcard': { 'message': 'SOMEERROR*' }},
{ 'range': { '#timestamp' : { 'gte': 'now-30d', 'lt': 'now' }}}
]
}
}
}
}
}
},
'actions': {
'log' : {
'logging' : {
'test': 'Watch triggered!'
}
}
}
}
)
Using elasticsearch-py and the exact same search query it returns 186 results just fine, but Watcher keeps returning a status 400 and a parse_exception with the reason "could not parse [search] input for watch [testwatch]. unexpected token [START_OBJECT]"
As someone on the elastic forum pointed out to me, it was merely a typo.
'requests': {
should really be
'request': {
Also, for completeness sake, there's an error in my action, the following would be correct.
'actions': {
'log' : {
'logging' : {
'text': 'Watch triggered!'
}
}
}
Related
I have this query (in Hasura in case that matters):
query MyQuery {
records(distinct_on:[recordId], where: { modelId: {_eq: "2f1f70b8-cb7b-487c-9e4c-ca03624ce926"}}) {
recordId
inboundEdges(where: {fromModelId: {_eq: "f0e19461-6d38-4148-8041-54eba6451293"}}) {
fromRecord {
property_path_values(where:{stringValue:{_eq:"2021-08-26"}}) {
stringValue
}
}
}
}
}
I get this result back:
{
"data": {
"records": [
{
"recordId": "2fbe37b1-78db-4b22-b713-2388cfb52597",
"inboundEdges": [
{
"fromRecord": {
"property_path_values": [
{
"stringValue": "2021-08-26"
}
]
}
},
{
"fromRecord": {
"property_path_values": [
{
"stringValue": "2021-08-26"
},
{
"stringValue": "2021-08-26"
}
]
}
}
]
},
{
"recordId": "7b34e85d-f4e1-4099-89d9-02483128a6cd",
"inboundEdges": [
{
"fromRecord": {
"property_path_values": [
{
"stringValue": "2021-08-26"
}
]
}
}
]
},
{
"recordId": "840f52e2-0f2e-4591-810d-19f9e8840a49",
"inboundEdges": []
}
]
}
}
I do not want the third result in the response, because it's inboundEdges array is empty.
What I am trying to say is: find me all records that have at least one inboundEdge with a fromRecord that has at least one property_path_value with a stringValue equal to 2021-08-26. I do not want to have to parse the response needing to exclude results with inboundEdges === []
Seems I was confusing the selection set with the place to state the query. The right way to do what I wanted is:
query MyQuery {
records(where: {inboundEdges: {fromModelId: {_eq: "f0e19461-6d38-4148-8041-54eba6451293"}, fromRecord: {propertyPathValues: {stringValue: {_eq: "2021-08-26"}}}}, modelId: {_eq: "2f1f70b8-cb7b-487c-9e4c-ca03624ce926"}}) {
recordId
}
}
i.e. put the query in the where clause, like a normal person, not the selection set
This is the Json variable this filter is working fine in kibana dashbaord here is the screenshot for that
My Requirement is that want to get the same output as am getting from Kibana using filter query from Elastic Search Dot net Search Request here is the link which i followed from stack over flow to the point where get till now
{
""version"": true,
""size"": 500,
""sort"": [
{
""AddedOn"": {
""order"": ""desc"",
""unmapped_type"": ""boolean""
}
}
],
""stored_fields"": [
""*""
],
""script_fields"": { },
""docvalue_fields"": [
{
""field"": ""#timestamp"",
""format"": ""date_time""
},
{
""field"": ""AddedOn"",
""format"": ""date_time""
}
],
""_source"": {
""excludes"": []
},
""query"": {
""bool"": {
""must"": [],
""filter"": [
{
""match_all"": { }
},
{
""match_all"": { }
},
{
""bool"": {
""filter"": [
{
""match_all"": { }
},
{
""match_all"": { }
},
{
""range"": {
""AddedOn"": {
""format"": ""strict_date_optional_time"",
""gte"": ""2019-10-26T09:20:14.087Z"",
""lte"": ""2020-10-26T09:20:14.087Z""
}
}
}
],
""must"": [],
""must_not"": [],
""should"": []
}
},
{
""range"": {
""AddedOn"": {
""gte"": ""2019-10-26T10:38:34.169Z"",
""lte"": ""2020-10-26T10:38:34.170Z"",
""format"": ""strict_date_optional_time""
}
}
}
],
""should"": [],
""must_not"": []
}
},
""highlight"": {
""pre_tags"": [
""#kibana-highlighted-field#""
],
""post_tags"": [
""#/kibana-highlighted-field#""
],
""fields"": {
""*"": { }
},
""fragment_size"": 2147483647
}
}
"
This is the code which is doing searching in elasticsearch index
_elasticClient.LowLevel.Search<SearchResponse<object>>(FraudIndex, "type", json4); >>> The errror i am getting is that cannot convert from string to ElasticClient.searchRequestparameters
This was the solution found
var SearchResponse =await_elasticClient.LowLevel.SearchAsync<SearchResponse<object>>(FraudIndex, json4);
I am trying to fetch image path in an alias field using graphql, I am able to get output like this:
Output:
{
"data": {
"leaders": [
{
"partyImg": {
"image": {
"url": "/uploads/17a5f020cc974679ac52e56a22b74dd6.png"
}
}
},
{
"partyImg": {
"image": {
"url": "/uploads/70bd673d41654058847e39c14cda5fef.png"
}
}
},
{
"partyImg": {
"image": {
"url": "/uploads/c54a0ace0bb34da3985c67945b1d0bf0.png"
}
}
}
]
}
}
When I used the following graphql code:
Input:
query Leaders{
leaders{
partyImg: party{image: Image{ url }},
}
}
The output I am trying to get is:
Expected output:
{
"data": {
"leaders": [
{
"partyImg": "/uploads/17a5f020cc974679ac52e56a22b74dd6.png"
},
{
"partyImg": "/uploads/70bd673d41654058847e39c14cda5fef.png"
},
{
"partyImg": "/uploads/c54a0ace0bb34da3985c67945b1d0bf0.png"
}
]
}
}
Please help me to prepare the graphql input which could generate the expected output.
It appears the graphql schema prevents you from getting the data in the format that you want. Based on your input query, I expect the schema looks something like this:
query {
leaders: [Leader]
}
type Leader {
party: Party
}
type Party {
Image: Image
}
type Image {
url: String
}
To get the data in the format that you want, you would need a schema that looks more like:
query {
leaders: [Leader]
}
type Leader {
party: Party,
imageUrl: String
}
Then you could do:
query Leaders {
leaders {
partyImg: imageUrl
}
}
I assume you don't control the schema, so you would have to do post processing. If you are using javascript, the following could work for the above output as a simple mapping exercise.
(function() {
var output = {
"data": {
"leaders": [{
"partyImg": {
"image": {
"url": "/uploads/17a5f020cc974679ac52e56a22b74dd6.png"
}
}
},
{
"partyImg": {
"image": {
"url": "/uploads/70bd673d41654058847e39c14cda5fef.png"
}
}
},
{
"partyImg": {
"image": {
"url": "/uploads/c54a0ace0bb34da3985c67945b1d0bf0.png"
}
}
}
]
}
};
var transformed = {
data: {
leaders: output.data.leaders.map(function flattenUrl(item) {
return {
partyImg: item.partyImg.image.url
};
})
}
}
document.getElementById('transformedOutput').innerHTML = JSON.stringify(transformed);
}());
<div id="transformedOutput"></div>
If you are the author of this graphql schema, you can structure it in whatever way makes the most sense to your applications and/or consumers.
Based on this Shopify documentation, I'm trying to execute this GraphQL query:
query getDiscount($code: DiscountCodeSortKeys) {
priceRules(first: 1) {
edges {
node {
discountCodes(first: 1, sortKey: $code) {
edges {
node {
code
id
}
}
}
}
}
}
}
In GraphiQL in my Shopify admin page I get this output:
{
"data": {
"priceRules": {
"edges": [
{
"node": {
"discountCodes": {
"edges": [
{
"node": {
"code": "discount_code_1",
"id": "gid://shopify/PriceRuleDiscountCode/1888888"
}
}
]
}
}
}
]
}
},
"extensions": {
"cost": {
"requestedQueryCost": 6,
"actualQueryCost": 6,
"throttleStatus": {
"maximumAvailable": 1000,
"currentlyAvailable": 994,
"restoreRate": 50
}
}
}
}
However, when I execute the same query in GraphiQL IDE after editing the HTTP headers and putting the GraphQL endpoint (https://my_domain.com/api/graphql), I get a html code with the title of 404 page not found as you can see in the picture below:
The problem was in the selected method "GET", it worked when I selected the "POST" method.
Basically I am trying to use REST hreat to create two variables issuerId and sectionName. I am trying to get data from the URI mentioned below
http://ftc-wbpyrdb201:8080/statdata/InsStatData/_aggrs/getDataByIssuerAndSectionName?avars={"issuerId":19038},{"sectionName":"ASSETS"}
My aggregation definition is a below
{"$push" : {
"aggrs":
{
"type": "pipeline",
"uri": "getDataByIssuerAndSectionName",
"stages": [
{
"_$match": {
"_$and": [
{"issuerId": {"_$var": "issuerId" }},
{
"sectionName": {"_$var": "sectionName"}
}
]
}
},
{
"_$unwind": "$sections"
},
{
"_$unwind": "$sections.data"
},
{
"_$unwind": "$sections.data.values"
},
{
"_$match": {
"_$and": [
{"issuerId": {"_$var": "issuerId" }},
{
"sectionName": {"_$var": "sectionName"}
}
]
}
}
]
}
}
}
I am sure I am doing something wring in either defining the aggregation or while requesting the URI. There is not enough in the documentation. Please help me with this request.