Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
2.13
Do sample_documents also exist for ctx.dedupedAlerts and ctx.completedAlerts or only for ctx.newAlerts
like: ctx.newAlerts.0.sample_documents
Right now, we’re only adding support for printing sample_documents for newAlerts. We’re able to gather those documents during the execution of the monitor. To make sample docs available for deduped, and completed alerts would require a bit more work as we’ll need to decide how best to acquire that snapshot of documents. For example, I have a follow-up item for this feature to explore whether we could effectively achieve this by storing the IDs for the sample docs in the alert data model.
do you know of another way to get sample_documents other then ctx.newAlerts.0.sample_documents?
For per bucket monitors, sample_documents are only collected and available under the newAlerts variable. For per document monitors, sample_documents are available under the alerts variable (e.g., ctx.alerts.0.sample_documents).
ok thanks!
but sample_documents for ctx.dedupedAlerts and ctx.completedAlerts would really be great.
so thumbs up for your follow-up item for this feature!!
I’ve added request [FEATURE] Sample docs in notification message for deduped, and completedAlerts · Issue #1519 · opensearch-project/alerting · GitHub to track the implementation of this enhancement.
1 Like
you’re the best! Thank you!
No no, thank you!
Also, I have an open question in this comment on the documentation update PR. I’m trying to not bog down the page with too much text, but I’m also not sure if this example will be clear enough. You have a few moments, we’d really appreciate any feedback!
Actually, I had no problems to understand the documentation and the example when I first saw the example before version 2.13 even came out. I think it is well documented in this regard.
At first I rather had difficulties to understand whether the sample_documents variable is only applicable to ctx.newAlerts or also to dedupedand completed alerts. But that may be the case, not because of the documentation, but that I desperately wanted it to work also for deduped and completed alerts. 
Ah sorry it doesn’t support that yet! I do have that as a follow-up item, and I’m aiming that within the next week or 2 I’ll have a draft describing what changes would be needed to support that to run by the alerting team. I’d ideally like to get that support in along with some performance enhancements.
Also, I’m glad the documentation sounds good; thanks for reviewing it!