In Kibana Watcher, I'm trying to use the average results from a nested aggregation of a bucket on a condition within a Kibana Watcher but getting an null reference error when running a simulate on the Watcher
"condition": { "script": { "source": "ctx.payload.aggregations.modules.buckets.metricAgg.size() >= 1", "lang": "painless" } }
This is my nested aggregation:
"aggregations": {
"modules": {
"terms": {
"field": "host.hostname.keyword",
"size": 8,
"min_doc_count": 1
},
"aggregations": {
"metricAgg": {
"avg": {
"field": "stats"
}
}
}
}
}
My aggregation result is below:
"aggregations": {
"modules": {`
"doc_count_error_upper_bound": 0,`
"sum_other_doc_count": 0,`
"buckets": [`
{
"doc_count": 218,
"metricAgg": {
"value": 1.8669724770642202
},
"key": "server1"
},
{
"doc_count": 217,
"metricAgg": {
"value": 2.096774193548387
},
"key": "server2"
},
{
"doc_count": 215,
"metricAgg": {
"value": 2.1116279069767443
},
"key": "server3"
},
{
"doc_count": 212,
"metricAgg": {
"value": 1.919811320754717
},
"key": "server4"
},
{
"doc_count": 1,
"metricAgg": {
"value": 1
},
"key": "server5"
}
]
}
}
}```
I'm receiving the following error when attempting to simulate the watcher
"exception": { "type": "script_exception", "reason": "runtime error", "script_stack": [ "ctx.payload.aggregations.modules.buckets.metricAgg.size() >= 1", " ^---- HERE" ],
"caused_by": {
"type": "illegal_argument_exception",
"reason": "Illegal list shortcut value [metricAgg].",
"stack_trace": "java.lang.IllegalArgumentException: Illegal list shortcut value [metricAgg].\n\tat
You can not access metricAgg directly from buckets.
Buckets holds an array of objects each containing metricAgg. If you wanted to access a specific metricAgg value, you would need to do:
ctx.payload.aggregations.modules.buckets[0].metricAgg.value // should yeild 1.8669724770642202