'How to use 2 conditions inside the elastic watcher

I'm new to ELK, can i use 2 conditions in Elastic watchers. I am getting a field from logs like data = 0 and data = 1 so i need to use that "data" as condition inside my watcher to elobarate the events.

Thanks in advance

devops elastic-stack

Solution 1:^[1]

There's many solutions. Here's one using painless script:

[query sections...]
  },
  "condition": {
    "script": {
      "source": """
def obj = ctx.payload.hits.hits.0;
if (obj.data.value == 0 || obj.data.value == 1) {
    return true;
}
return false;
      """,
      "lang": "painless"
    }
  },
  "actions": {
[actions sections to follow...]

Of course I'm only making up the CTX context data path. In the example, I am referring to the "data" field of the first returned record. You will have to figure out what you want to check. One common piece of data is from aggregations, then you will have a to access ctx.payload.aggregations.*

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution	Source
Solution 1	Chasun

'How to use 2 conditions inside the elastic watcher

Solution 1:[1]

Sources

Related Questions

Solution 1:^[1]