lqb
/
elasticsearch
Mirror von https://gitee.com/mirrors/elasticsearch.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158
							[role="xpack"]
[[condition-script]]
=== {watcher} script condition
++++
<titleabbrev>Script condition</titleabbrev>
++++

A watch <<condition,condition>> that evaluates a script. The default scripting
language is `painless`. You can use any of the scripting languages supported by
Elasticsearch as long as the language supports evaluating expressions to Boolean
values. Note that the `mustache` and `expression` languages are too limited to be
used by this condition. For more information, see <<modules-scripting>>.

==== Using a script condition

The following snippet configures an inline `script` condition that always returns
`true`:

[source,js]
--------------------------------------------------
"condition" : {
  "script" : "return true"
}
--------------------------------------------------
// NOTCONSOLE

This example defines a script as a simple string. This format is actually a
shortcut for defining an <<condition-script-inline,inline>> script. The
formal definition of a script is an object that specifies the script type and
optional language and parameter values. If the `lang` attribute is omitted, the
language defaults to `painless`. Elasticsearch supports two types of scripts,
<<condition-script-inline,inline>> and <<condition-script-stored,stored>>.

For example, the following snippet shows a formal definition of an `inline`
script that explicitly specifies the language and defines a single script
parameter, `result`:

[source,js]
--------------------------------------------------
"condition" : {
  "script" : {
    "source" : "return params.result",
    "lang" : "painless",
    "params" : {
      "result" : true
    }
  }
}
--------------------------------------------------
// NOTCONSOLE

[[condition-script-inline]]
==== Inline scripts

Inline scripts are scripts that are defined in the condition itself. The
following snippet shows the formal configuration of a simple painless script that
always returns `true`.

[source,js]
--------------------------------------------------
"condition" : {
  "script" : {
    "source" : "return true"
  }
}
--------------------------------------------------
// NOTCONSOLE

[[condition-script-stored]]
==== Stored scripts

Stored scripts refer to scripts that were
<<modules-scripting-using,stored>> in Elasticsearch. The following
snippet shows how to refer to a script by its `id`:

[source,js]
--------------------------------------------------
"condition" : {
  "script" : {
    "id" : "my_script"
  }
}
--------------------------------------------------
// NOTCONSOLE

As with <<condition-script-inline,inline>> scripts, you can also specify the
script language and parameters:

[source,js]
--------------------------------------------------
"condition" : {
  "script" : {
    "id" : "my_script",
    "lang" : "javascript",
    "params" : { "color" : "red" }
  }
}
--------------------------------------------------
// NOTCONSOLE

[[accessing-watch-payload]]
==== Accessing the watch payload

A script can access the current watch execution context, including the payload
data, as well as any parameters passed in through the condition definition.

For example, the following snippet defines a watch that uses a
<<input-search,`search` input>> and uses a `script` condition to check if the
number of hits is above a specified threshold:

[source,js]
--------------------------------------------------
{
  "input" : {
    "search" : {
      "indices" : "log-events",
      "body" : {
        "size" : 0,
        "query" : { "match" : { "status" : "error" } }
      }
    }
  },
  "condition" : {
    "script" : {
      "source" : "return ctx.payload.hits.total > params.threshold",
      "params" : {
        "threshold" : 5
      }
    }
  }
}
--------------------------------------------------
// NOTCONSOLE

When you're using a scripted condition to evaluate an Elasticsearch response,
keep in mind that the fields in the response are no longer in their native data
types. For example, the `@timestamp` in the response is a string, rather than a
`DateTime`. To compare the response `@timestamp` against the `ctx.execution_time`,
you need to parse the `@timestamp` string into a `ZonedDateTime`. For example:

[source,js]
--------------------------------------------------
java.time.ZonedDateTime.parse(@timestamp)
--------------------------------------------------
// NOTCONSOLE

You can reference the following variables in the watch context:

[options="header"]
|======
| Name                          | Description
| `ctx.watch_id`                | The id of the watch that is currently executing.
| `ctx.execution_time`          | The time execution of this watch started.
| `ctx.trigger.triggered_time`  | The time this watch was triggered.
| `ctx.trigger.scheduled_time`  | The time this watch was supposed to be triggered.
| `ctx.metadata.*`              | Any metadata associated with the watch.
| `ctx.payload.*`               | The payload data loaded by the watch's input.
|======