Can we modify .opendistro-alerting-alert index and add our own field?

I am trying to modify .opendistro-alerting-alerts, which stores all the information related to monitors, triggers, and destinations. I would like to add one more field inside trigger, along with severity, called risk_score. Can I do that? If it is possible, how do I achieve that?

@pablo @searchymcsearchface

Basically, I have been able to update the mapping of .opendistro-alerting-alerts, but using this API (POST _plugins/_alerting/monitors) to create a new monitor doesn't add risk_score to it.

Hi @mann,

If I’m understanding correctly and you’re looking to update the information present in the Alerts you can follow what was mentioned here.

However, if you’re trying to update the Monitor config itself, you’ll want to make changes to the Monitor data model class to add any fields, including updating toXContent and parsing logic. Then you can update the Monitor mappings to account for those new fields.

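The symptom described above (mapping updated, but the field never shows up after POST _plugins/_alerting/monitors) is exactly what happens when only the index mapping changes: the plugin's Monitor and Trigger parsers decide which fields survive, and unknown keys are dropped. A quick way to confirm whether the data-model change has actually taken effect is to diff the body you sent against what the monitor API returns. The following is an added example, not code from this thread or from the Alerting plugin. It assumes the monitor is read back with a GET on the same endpoint and that the response wraps the monitor in a `monitor` object with each trigger nested under a `query_level_trigger` key; both documents below are constructed samples so the check runs offline.

```python
"""Round-trip check: which fields of a submitted monitor did the plugin keep?

Added example (not the Alerting plugin's own code).  Assumptions: the monitor
is created with POST _plugins/_alerting/monitors and read back with a GET on
the same path; the GET response wraps the monitor under "monitor" and each
trigger under "query_level_trigger".  All documents here are constructed.
"""
import json
from typing import Any, Dict, List

# Constructed request body: a query-level monitor whose trigger carries the
# custom risk_score field next to severity.
SUBMITTED_MONITOR: Dict[str, Any] = {
    "type": "monitor",
    "name": "failed-logins",
    "enabled": True,
    "schedule": {"period": {"interval": 1, "unit": "MINUTES"}},
    "inputs": [{"search": {"indices": ["auth-*"],
                           "query": {"size": 0, "query": {"match_all": {}}}}}],
    "triggers": [{
        "name": "too-many-failures",
        "severity": "1",
        "risk_score": 80,
        "condition": {"script": {"source": "ctx.results[0].hits.total.value > 100",
                                 "lang": "painless"}},
        "actions": [],
    }],
}

# Constructed GET response from an unmodified plugin: the parser ignored
# risk_score, so it is absent even though the index mapping allows it.
RETURNED_MONITOR_BEFORE_FIX: Dict[str, Any] = {
    "_id": "constructed-monitor-id",
    "_version": 1,
    "monitor": {
        "type": "monitor",
        "name": "failed-logins",
        "enabled": True,
        "schedule": {"period": {"interval": 1, "unit": "MINUTES"}},
        "inputs": [{"search": {"indices": ["auth-*"],
                               "query": {"size": 0, "query": {"match_all": {}}}}}],
        "triggers": [{"query_level_trigger": {
            "id": "constructed-trigger-id",
            "name": "too-many-failures",
            "severity": "1",
            "condition": {"script": {"source": "ctx.results[0].hits.total.value > 100",
                                     "lang": "painless"}},
            "actions": [],
        }}],
    },
}

# Constructed response after Trigger.parse/toXContent were taught risk_score.
RETURNED_MONITOR_AFTER_FIX: Dict[str, Any] = json.loads(json.dumps(RETURNED_MONITOR_BEFORE_FIX))
RETURNED_MONITOR_AFTER_FIX["monitor"]["triggers"][0]["query_level_trigger"]["risk_score"] = 80

TRIGGER_WRAPPERS = ("query_level_trigger", "bucket_level_trigger")


def normalize(monitor: Dict[str, Any]) -> Dict[str, Any]:
    """Deep copy of a monitor with wrapped triggers unwrapped for comparison."""
    out = json.loads(json.dumps(monitor))
    triggers = []
    for trigger in out.get("triggers", []):
        if len(trigger) == 1 and next(iter(trigger)) in TRIGGER_WRAPPERS:
            trigger = next(iter(trigger.values()))
        triggers.append(trigger)
    out["triggers"] = triggers
    return out


def missing_fields(sent: Any, got: Any, path: str = "") -> List[str]:
    """Dotted paths of keys present in `sent` but absent in `got`.

    Server-added keys (id, _version, ...) are ignored on purpose: we only care
    about what was silently dropped from the submitted document.
    """
    missing: List[str] = []
    if isinstance(sent, dict):
        if not isinstance(got, dict):
            return [path or "<root>"]
        for key, value in sent.items():
            child = f"{path}.{key}" if path else key
            if key not in got:
                missing.append(child)
            else:
                missing.extend(missing_fields(value, got[key], child))
    elif isinstance(sent, list):
        if not isinstance(got, list) or len(got) < len(sent):
            return [path]
        for i, (s, g) in enumerate(zip(sent, got)):
            missing.extend(missing_fields(s, g, f"{path}[{i}]"))
    return missing


def check_round_trip(sent: Dict[str, Any], response: Dict[str, Any]) -> List[str]:
    """Compare the submitted monitor with the GET response; [] means nothing was lost."""
    got = normalize(response.get("monitor", response))
    return missing_fields(normalize(sent), got)


if __name__ == "__main__":
    print("before fix, dropped:", check_round_trip(SUBMITTED_MONITOR, RETURNED_MONITOR_BEFORE_FIX))
    print("after fix, dropped: ", check_round_trip(SUBMITTED_MONITOR, RETURNED_MONITOR_AFTER_FIX))
```

Against a real cluster, replace the two constructed responses with the JSON returned by the GET call; a non-empty list names exactly the paths the parser threw away, which points you at the `parse` and `toXContent` methods that still need the new field.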

Thanks @qreshi. That is helpful.

@qreshi @skkosuri-amzn @pablo I have started setting up the alerting plugin with OpenSearch in developer mode. First I cloned OpenSearch and ran the ./gradlew run command on my Linux VM. As alerting is not integrated with OpenSearch by default, what steps do I need to follow to integrate the alerting plugin with my running OpenSearch and start editing the code to get my required outputs?

@mann If you clone the Alerting repo and run ./gradlew run there it will start up an OpenSearch cluster with Alerting on it so you can test any changes you’re making. You can refer to the developer guide for other useful commands as well.

I am facing a build failure, can you help me with that? Please find attached a screenshot for your reference.

OS - MAC OS Catalina V10.15.5
JDK - 14.0.2
Gradle - 5.5.1

@qreshi I am able to run on a Linux environment, and I was successfully able to integrate my own field under monitor config. Now, as I am trying to understand the code workflow, can you let me know how to start or enable a debugger so that I can identify the files which are executed and their order?

For now, I manually added logger messages and tried to understand the workflow once the Create Monitor API is triggered.

  1. RestIndexMonitorActions.kt - prepareRequest
  2. Monitor.kt (Model) - Parse
  3. Trigger.kt (Model) - Parse
  4. QueryLevelTrigger (Model) - Parse
  5. Monitor.kt - Init (2 Times)
  6. RestIndexMonitorActions.kt - indexMonitorResponse
  7. IndexMonitorRequest.kt - validate
  8. TransportIndexMonitorAction.kt - doExecute method
  9. TransportIndexMonitorAction.kt - checkIndicesAndExecute method
  10. TransportIndexMonitorAction.kt - resolveUserAndStart
  11. Monitor.kt - Init
  12. TransportIndexMonitorAction.kt - Start (.opendistro-alerting-config) Index Created
  13. TransportIndexMonitorAction.kt - onCreateMappingResponse (.opendistro-alerting-config) Set Mapping
  14. TransportIndexMonitorAction.kt - prepareMonitorIndexing
  15. TransportIndexMonitorAction.kt - validateActionThrottle
  16. TransportIndexMonitorAction.kt - onSearchResponse
  17. TransportIndexMonitorAction.kt - indexMonitor
  18. Monitor.kt - Init
  19. Monitor.kt - CreateXContentBuilder
  20. Monitor.kt - Parse
  21. Trigger.kt - Parse
  22. QueryLevelTrigger.kt - Parse
  23. Monitor.kt - Init (2 times) Scheduling Job Id - Monitor
  24. TransportIndexMonitorAction.kt - checkShardFailures
  25. IndexMonitorRequest.kt - toXContent
  26. Monitor.kt - CreateXContentBuilder