Skip to content
Orwell

input() & query()

input()

Sets the watcher’s input as a chain input. Each key in the object becomes a named input in the chain.

Signature

input(spec: Record<string, any>): void

How it works

  • Primitive values (string, number, boolean, plain objects) become simple (static) inputs.
  • query() or rawQuery() values become search inputs.

Examples

Static values only

input({
  env: 'NON-PROD',
  threshold: 5,
})

Produces a chain with a single simple input:

{
  "input": {
    "chain": {
      "inputs": [
        {
          "static": {
            "simple": { "env": "NON-PROD", "threshold": 5 }
          }
        }
      ]
    }
  }
}

Mix of static and query inputs

input({
  env: 'PROD',
  logs: query({
    indexes: ['app-*'],
    timeRange: '-1h to now',
    query: 'error',
  })
})

Produces a chain with a simple input followed by a named search input:

{
  "input": {
    "chain": {
      "inputs": [
        { "static": { "simple": { "env": "PROD" } } },
        {
          "logs": {
            "search": {
              "request": {
                "indices": ["app-*"],
                "body": { ... }
              }
            }
          }
        }
      ]
    }
  }
}

The ctx.payload.logs path then holds the search result in subsequent steps.

query()

Builds an Elasticsearch search input with a high-level API.

Signature

query(spec: {
  indexes: string[],
  timeRange: string,
  query?: string,
  filters?: Record<string, any>,
}): QuerySpec

Parameters

FieldRequiredDescription
indexesYesArray of index patterns
timeRangeYesTime window string, e.g. '-1h to now'
queryNoFull-text search string (maps to match on all fields)
filtersNoKey-value pairs for term filters; values can be comparison operators

Example

input({
  logs: query({
    indexes: ['eks-*'],
    timeRange: '-2h to now',
    query: 'Failed to create order',
    filters: {
      'kubernetes.pod_name': isOneOf('api-service', 'worker'),
      'log.level': 'error',
    }
  })
})

rawQuery()

Bypasses the query builder and passes a raw Elasticsearch input body.

Signature

rawQuery(body: object): QuerySpec

Example

input({
  results: rawQuery({
    search: {
      request: {
        indices: ['.watcher-history-*'],
        body: {
          query: {
            bool: {
              filter: [
                { term: { 'watch_id': 'my-watcher' } },
                { range: { 'result.execution_time': { gte: 'now-2h' } } }
              ]
            }
          }
        }
      }
    }
  })
})