弹性观察者转换脚本 [英] Elasticsearch watcher transform script

问题描述

如何将有效负载作为输入传递给ELK监视器中的转换进程？我尝试过以下方式，但是将它们作为字符串传递给groovy文件。

 transform：{
脚本：{
file：error_parser，
lang：groovy，
params：{
inputval：{{ctx。 payload.aggregations.errorcount.buckets}}
} 
} 
} 
  

当我想传递一个字符串或整数时，我面对的不是问题，而是对象。有办法把他们传给档案吗？在这种情况下，我们从groovy脚本返回的输出值在哪里存储（条件过程在类似的情况下将输出评估为布尔值）？

Groovy内容：

  println inputval 
 return inputval [0] .doc_count 
  / pre> 
 
 
我执行观察者时遇到以下错误
  {{ctx.payload.aggregations.errorcount.buckets}} 
 [2016-03-22 17：23：08,637] [错误] [watcher.transform.script] [Hannah Levy]未能执行[script]转换for [my-watch_2-2016-03-22T21：23：08.617 
 Z] 
 ScriptException [无法运行文件脚本[error_parser]使用lang [groovy]];嵌套：MissingPropertyException [没有这样的属性：doc_count为类：
 java.lang.String]; 
在org.elasticsearch.script.groovy.GroovyScriptEngineService $ GroovyScript.run（GroovyScriptEngineService.java:318）
在org.elasticsearch.watcher.transform.script.ExecutableScriptTransform.doExecute（ExecutableScriptTransform.java:73） 
在org.elasticsearch.watcher.transform.script.ExecutableScriptTransform.execute（ExecutableScriptTransform.java:59）
在org.elasticsearch.watcher.transform.script.ExecutableScriptTransform.execute（ExecutableScriptTransform.java:40） 
  
 
 
解决方案
我很确定你不能这样做： / p> 
 
 
 inputval：{{ctx.payload.aggregations.errorcount.buckets}}
  
我会在脚本中执行此操作
  println ctx.payload.aggregations.errorcount.buckets 
 return ctx.payload.aggregations.errorcount.buckets [0] .doc_count 
  
，我会删除该参数脚本部分
 
How to pass the payload as input to 'transform' process in ELK watcher? I have tried with following way but it pass them as string to groovy file.
"transform": {
   "script": {
     "file": "error_parser",
     "lang": "groovy",
     "params": {
       "inputval": "{{ctx.payload.aggregations.errorcount.buckets}}"
     }
   }
 }
When I wanted to pass a string or integer, I face no issues, but with objects. Is there a way to pass them to file? And in this case, where do the output value that we return from groovy script stored (The 'condition' process evaluates the output to boolean in similar case)?

Groovy content:
println inputval
return inputval[0].doc_count
I get following error when I execute the watcher
{{ctx.payload.aggregations.errorcount.buckets}}
[2016-03-22 17:23:08,637][ERROR][watcher.transform.script ] [Hannah Levy] failed to execute [script] transform for [my-watch_2-2016-03-22T21:23:08.617
Z]
ScriptException[failed to run file script [error_parser] using lang [groovy]]; nested: MissingPropertyException[No such property: doc_count for class:
 java.lang.String];
        at org.elasticsearch.script.groovy.GroovyScriptEngineService$GroovyScript.run(GroovyScriptEngineService.java:318)
        at org.elasticsearch.watcher.transform.script.ExecutableScriptTransform.doExecute(ExecutableScriptTransform.java:73)
        at org.elasticsearch.watcher.transform.script.ExecutableScriptTransform.execute(ExecutableScriptTransform.java:59)
        at org.elasticsearch.watcher.transform.script.ExecutableScriptTransform.execute(ExecutableScriptTransform.java:40)

解决方案
I'm pretty sure you cannot do this : 
"inputval": "{{ctx.payload.aggregations.errorcount.buckets}}"
I would do this in your script instead
println ctx.payload.aggregations.errorcount.buckets
return ctx.payload.aggregations.errorcount.buckets[0].doc_count
and I'd remove the params for the script part

                        
这篇关于弹性观察者转换脚本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！