How do I pass the variable `ctx.payload.hits.total` of the 'hit' log into the transform script of a webhook watcher?


I have the following webhook watcher, which works perfectly: it creates an OTRS ticket whenever the word "Error" appears in the logs.

{
  "trigger": {
    "schedule": {
      "interval": "1m"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "query_string": {
                    "query": "Error"
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-1m"
                    }
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gte": 1
      }
    }
  },
  "actions": {
    "create_otrs": {
      "transform": {
        "script": {
          "source": "return ['Ticket':['Queue':'Engineering Team','Priority':'P3','CustomerUser':'root','Title':'RESTCreateTest','State':'new','Type':'Incident'],'Article':['ContentType':'text/plain;charset=utf8','Subject':'RestCreateTest','Body':'This is only a test']]",
          "lang": "painless"
        }
      },
      "webhook": {
        "scheme": "http",
        "host": "myotrs.com",
        "port": 80,
        "method": "post",
        "path": "/otrs/GenericTicketConnectorREST/User=<User>&Pass=<Password>",
        },
        "headers": {},
        "body": "{{#toJson}}ctx.payload{{/toJson}}"
      }
    }
  }
}

However, right now the functionality is limited, because it always creates the ticket with the fixed body "This is only a test". I want to pass the exact error message body from the log into the ticket body. How do I pass variables into the script body? I have included one of the hits below; it also shows the document I am trying to access. I need the "ctx.payload.hits.total" part of the document hit to be the body of the ticket.

{
  "_index": ".ds-logs-elastic_agent.filebeat-default",
  "_source": {
    "input_source": "https://ser.example.com:80/export",
    "agent": {
      "name": "syslog01",
      "id": "5836558b-b17d-445e",
      "type": "filebeat",
      "ephemeral_id": "36bdfeca-3c60",
      "version": "8.3.3"
    },
    "service.name": "filebeat",
    "log": {
      "file": {
        "path": "/opt/Elastic/Agent/data/elastic-agent-0ffbed/logs/default/filebeat-20230127-12.ndjson"
      },
      "offset": 248078415
    },
    "elastic_agent": {
      "id": "5836558b-b17d",
      "version": "8.3.3",
      "snapshot": false
    },
    "message": """Error while processing http request: failed to execute rf.collectResponse: failed to execute http client.Do: failed to execute http client.Do: Post "https://ser.example.com:80/export": POST https://ser.example.com:80/export giving up after 6 attempts""",
    "log.logger": "input.httpjson-cursor",
    "input": {
      "type": "filestream"
    },
    "log.origin": {
      "file.line": 128,
      "file.name": "httpjson/input.go"
    },
    "@timestamp": "2023-01-27T14:44:42.790Z",
    "ecs": {
      "version": "8.0.0"
    },
    "data_stream": {
      "namespace": "default",
      "type": "logs",
      "dataset": "elastic_agent.filebeat"
    },
    "host": {
      "hostname": "syslog01",
      "os": {
        "kernel": "3.10.25-gentoo",
        "name": "Gentoo",
        "type": "linux",
        "family": "",
        "version": "",
        "platform": "gentoo"
      },
      "containerized": false,
      "log.level": "error",
      "input_url": "https://ser.example.com:8089/export",
      "id": "httpjson-system.security-ba2ec41b-457b-442a",
      "event": {
        "agent_id_status": "verified",
        "ingested": "2023-01-27T14:44:58Z",
        "dataset": "elastic_agent.filebeat"
      }
    },
    "_id": "pCWw84UB8FDLddfs",
    "_score": 2.2840834
  }
}
