Support multiple inputs for a Monitor

As far as I know, Monitor does not support multiple inputs, something similar to the mainstream Chain Input (Chain input | Elasticsearch Guide [6.5] | Elastic)? Is there any way I can work around this? My need is that I want to execute 2 queries; the first query's result will be an input for the next one (look up a list of ids in the first query and use it as a filter in the second one).

Thank you!

Hi @vietpham, thanks for the feedback. Today we support a single ES query in the monitor, and don’t have a way to do chaining. We have opened an issue for supporting alert chaining. Please feel free to give it a :+1: and add any context for your use case. Support for Alert Monitor Chaining · Issue #43 · opendistro-for-elasticsearch/alerting · GitHub

Thanks @elifish for opening this issue.

Hi Vietpham,

If you are trying to use the second query to just filter out the search results from the first query, you may want to check post-filter in the link below as a workaround.
Post filter | Elasticsearch Guide [6.6] | Elastic.

Example:-

curl -X PUT "localhost:9200/shirts" -H 'Content-Type: application/json' -d'
{
    "mappings": {
            "properties": {
                "brand": { "type": "keyword"},
                "color": { "type": "keyword"},
                "model": { "type": "keyword"}
            }
    }
}
'

=====
DOCS
====

curl -X PUT "localhost:9200/shirts/_doc/1?refresh" -H 'Content-Type: application/json' -d'
{
    "brand": "gucci",
    "color": "red",
    "model": "slim",
    "price": 2
}
'
 
curl -X PUT "localhost:9200/shirts/_doc/2?refresh" -H 'Content-Type: application/json' -d'
{
    "brand": "gucci",
    "color": "red",
    "model": "slim",
    "price": 5
}
'
 
 
curl -X PUT "localhost:9200/shirts/_doc/3?refresh" -H 'Content-Type: application/json' -d'
{
    "brand": "gucci",
    "color": "red",
    "model": "slim",
    "price": 1
}
'
 
curl -X PUT "localhost:9200/shirts/_doc/4?refresh" -H 'Content-Type: application/json' -d'
{
    "brand": "gucci",
    "color": "red",
    "model": "slim",
    "price": -8
}
'
 
curl -X PUT "localhost:9200/shirts/_doc/5?refresh" -H 'Content-Type: application/json' -d'
{
    "brand": "gucci",
    "color": "red",
    "model": "slim",
    "price": 9
}
'

===========
Post filter on search results for price less than 6

curl -X GET "localhost:9200/shirts/_search" -H 'Content-Type: application/json' -d'
{
  "query": {
    "bool": {
      "filter": {
        "term": { "brand": "gucci" } 
      }
    }
  },
  "post_filter": {
    "range" : { "price" : { "lt" : 6 } }
  }
}
'

===========
Output

{"took":5,"timed_out":false,"_shards":{"total":1,"successful":1,"skipped":0,"failed":0},"hits":{"total":{"value":4,"relation":"eq"},"max_score":0.0,"hits":[{"_index":"shirts","_type":"_doc","_id":"1","_score":0.0,"_source":
{
    "brand": "gucci",
    "color": "red",
    "model": "slim",
    "price": 2
}
},{"_index":"shirts","_type":"_doc","_id":"2","_score":0.0,"_source":
{
    "brand": "gucci",
    "color": "red",
    "model": "slim",
    "price": 5
}
},{"_index":"shirts","_type":"_doc","_id":"3","_score":0.0,"_source":
{
    "brand": "gucci",
    "color": "red",
    "model": "slim",
    "price": 1
}
},{"_index":"shirts","_type":"_doc","_id":"4","_score":0.0,"_source":
{
    "brand": "gucci",
    "color": "red",
    "model": "slim",
    "price": -8
}
}]}}

Thanks @vamshin for suggesting. But my context is still different and ‘post_filter’ may not be able to apply here. The second filter value is completely dynamic and is a result of the first query. It is the pricing value 6 compared to your example.

Viet
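
Since a monitor runs a single query, the two-step lookup described in this thread can be done client-side: run query 1, collect the ids, and place them in a `terms` filter for query 2. This is an added example, not code from the thread or from the Alerting plugin; the index names `watchlist` and `events`, the field `device_id`, and the `search` callable are assumptions.

```python
import json

MAX_TERMS = 65536  # default of the index.max_terms_count setting

# Constructed sample response for query 1 (index and field names are hypothetical).
FIRST_RESPONSE = {"hits": {"hits": [
    {"_id": "1", "_source": {"device_id": "dev-17"}},
    {"_id": "2", "_source": {"device_id": "dev-42"}},
    {"_id": "3", "_source": {"device_id": "dev-17"}},  # duplicate value
    {"_id": "4", "_source": {}},                       # field missing
]}}

def extract_ids(response, field):
    """Distinct, non-null values of `field` from the hits, in first-seen order."""
    ids = []
    for hit in response.get("hits", {}).get("hits", []):
        value = hit.get("_source", {}).get(field)
        if value is not None and value not in ids:
            ids.append(value)
    return ids

def build_second_query(ids, field, extra_filters=()):
    """Query 2: a bool filter whose terms clause carries the ids from query 1."""
    if not ids:
        return {"query": {"match_none": {}}}  # nothing looked up, so nothing to match
    if len(ids) > MAX_TERMS:
        raise ValueError("too many ids for one terms clause; split into batches")
    return {"query": {"bool": {"filter": [{"terms": {field: ids}}, *extra_filters]}}}

def chained_search(search, first, second_index, field, extra_filters=()):
    """`search(index, body)` is any callable that returns the parsed JSON response."""
    first_index, first_body = first
    ids = extract_ids(search(first_index, first_body), field)
    return search(second_index, build_second_query(ids, field, extra_filters))

def fake_search(index, body):
    """Constructed stand-in for an HTTP call to /<index>/_search; echoes query 2 back."""
    return FIRST_RESPONSE if index == "watchlist" else {"sent_to": index, "body": body}

if __name__ == "__main__":
    result = chained_search(
        fake_search,
        ("watchlist", {"query": {"term": {"active": True}}, "_source": ["device_id"]}),
        "events", "device_id",
        extra_filters=[{"range": {"@timestamp": {"gte": "now-15m"}}}],
    )
    print(json.dumps(result, indent=2))
```

A search returns 10 hits by default, so query 1 needs an explicit `size` (or pagination) to return the full id list.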