kibanamustacheelasticsearch-opendistro

How to format query result as json in Action message template


I'm using Opendistro for creating alert and calling a custom webhook to send the alert. I would like Opendistro to send the query result within the message. The only problem is the format of the result is not json but something close.

For example, if the message template (Mustache) is as follow

{{{ctx.results.0}}}

My webhook might receive something like this

{_shards={total=30, failed=0, successful=30, skipped=0}, hits={hits=[], total=3, max_score=0.0}, took=16, timed_out=false, aggregations={aggregation={doc_count_error_upper_bound=0, sum_other_doc_count=0, buckets=[{doc_count=3, key=1.1.1.1}]}}}

which is the query result, but not formatted as json. I would like to know if there is a way to output a complex variable as json in mustache template or if there is a way to parse the format above. Or maybe there is another variable available in context that is already stringified?

I found this other post on Opendistro forum which expose the same problem.


Solution

  • As the update in you posted link from OpenDistro forum, there is a solution available. I've tested it works well.

    {{#toJson}}ctx.results.0{{/toJson}}