Alerting Dashboard - See The Log That Triggered The Alert

fehim · August 9, 2024, 11:52am

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Dashboards 2.15
Opensearch 2.15

Describe the issue:
I have my syslog index in which I hold system logs from several linux machines. Using alerting I created a few monitors that check activities in these linux machines.

When an alert has been triggered (for example when a host fails SSH 3 times) using my monitor I can only see that alert has been triggered but have no idea about the exact host machine (basically the log) that the activity took place in which is a super crucial information. Is there any way I can implement this, I checked out Detectors but that also doesnt provide this functionality as far as I can see.
I think if this feature hasnt been implement yet it makes Opensearch not a good alternative for a SIEM this that crucial.

Relevant Logs or Screenshots:

Mantas · August 16, 2024, 2:09pm

Hi @fehim,

Have you checked “Add a subject and body for the message.” here: Monitors - OpenSearch Documentation

best,
mj

fehim · August 19, 2024, 8:49am

Hi, thanks for the answer, but the link you sent is for notifications which can be customised what I want is getting these information on the GUI of opensearch dashboards

Topic		Replies	Views
Indexing the results of an Alerting Monitor OpenSearch alerting	0	303	December 19, 2022
Is Dashboards Alerting feature compatible with HA design? Alerting	1	524	January 5, 2022
How to get system index(.opendistro-alerting-alerts) in alerting in monitor Alerting	5	52	October 22, 2024
Alerts in opensearch dashboards delete Alerting configure , alerting	0	436	July 21, 2022
Can't view any alerts or findings ( Security Analytics ) Security Analytics	1	45	October 6, 2024

Alerting Dashboard - See The Log That Triggered The Alert

Related topics