2 configured triggers in Alert, but only 1 trigger is getting triggered

Hi Team,

Hope you all are doing good!

I have created an alert to search for error logs, and attached 2 triggers to that alert.

The Alert interval was 24 hours, and the extraction query also pulled 24 hours of data for processing.

The Trigger configurations -

  1. Notify Alert results - Trigger condition => count > 0. Just aggregate based on a field, and send it to a Webex channel.

  2. Notify if count > 100 - This will notify only when the count > 100. - This was added recently.

The alert has been running for a week, and only the 2nd trigger is getting triggered. Not sure what is wrong.

Is there any limit such that only 1 trigger-alert pair can work?

Also, is it possible to see the next run of the Monitor in the dashboard? I ask because I changed the cron to `* * * * *` for debugging, but the monitor and triggers are not running at all.

Hi @hvarday-cisco,

Does the second trigger also aggregate the data on the same field as the first trigger? Did you see that the first trigger condition is being set to true, but is not generating an alert and sending a notification?
Also, which version of OpenSearch or ElasticSearch are you using?

Regarding the monitor not running issue, have you set one of these settings, `opendistro.scheduled_jobs.enabled` or `plugins.scheduled_jobs.enabled`, to false by any chance?
If so, the value needs to be set to true, and then the monitor needs to be updated with anything to ensure that the monitor is put back on the schedule.

1 Like
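An added example, not part of the thread and not OpenSearch project code: one way to check whether either scheduled-jobs setting named in the reply is disabled, given the JSON returned by `GET _cluster/settings?include_defaults=true&flat_settings=true`. The function names and the sample response are constructed for illustration; the scope order follows the cluster settings precedence (transient over persistent over defaults).

```python
import json

# Setting names quoted in the reply above (current name and legacy Open Distro name).
KEYS = ("plugins.scheduled_jobs.enabled", "opendistro.scheduled_jobs.enabled")
# Cluster settings scopes, highest precedence first.
SCOPES = ("transient", "persistent", "defaults")


def scheduled_job_settings(response):
    """Return {key: (scope, enabled)} using the highest-precedence scope where each key is set."""
    found = {}
    for key in KEYS:
        for scope in SCOPES:
            value = response.get(scope, {}).get(key)
            if value is not None:
                # flat_settings responses carry values as strings ("true"/"false").
                found[key] = (scope, str(value).strip().lower() == "true")
                break
    return found


def disabled_settings(response):
    """List (key, scope) pairs where the scheduled-jobs sweeper is switched off."""
    return [
        (key, scope)
        for key, (scope, enabled) in scheduled_job_settings(response).items()
        if not enabled
    ]


# Constructed sample response (hypothetical cluster): the current key was
# disabled persistently, the legacy key is still at its default.
SAMPLE = json.loads("""
{
  "persistent": {"plugins.scheduled_jobs.enabled": "false"},
  "transient": {},
  "defaults": {"opendistro.scheduled_jobs.enabled": "true"}
}
""")

if __name__ == "__main__":
    for key, scope in disabled_settings(SAMPLE):
        print(f"{key} is false in '{scope}' settings: monitors will not be scheduled")
    if not disabled_settings(SAMPLE):
        print("Neither scheduled-jobs setting is disabled")
```

If a setting is reported as disabled, the fix is the one described in the reply: set it back to true, then update the monitor so it is rescheduled.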