Configuring OpenSearch Alerting to Telegram

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

OpenSearch 3.0

Describe the issue:
I’m trying to set up OpenSearch Alerting to send notifications directly to a Telegram chat using a custom webhook channel. The goal is to create a Monitor that triggers on specific log events (e.g., logs with error level) and sends formatted alerts to Telegram via HTTPS POST.
The notification channel is already set up and test messages to Telegram are working manually. The challenge is configuring the monitor, especially the query condition and the message template payload compatible with the Telegram API.
I need guidance or examples on how to properly build the trigger query and construct the JSON payload for the message.

Configuration:

• Alerting plugin: Using OpenSearch built-in Alerting / Notifications (not ElastAlert)
• Channel type: Custom webhook
• Method: POST
• Protocol: HTTPS
• Telegram bot: Configured and connected to a group/channel
• Webhook URL: Working and reachable from the server

Relevant Logs or Screenshots:

@Pan-Vad Once you have created your telegram bot and connected it to a channel/group, you should have the following:

HTTP API (eg. 7458126523:AAGlmasngXkcZcST2Fkygj8QBWctAQzvohA)
chat_id (eg -4810203639 )

When you have these, you can create notification channel using UI

Screenshot 2025-06-23 at 17.19.101340×1116 55 KB

The message body of the action inside the monitor can look like this:

{
  "chat_id": "-4810313738",
  "text": "Alert - Monitor '{{ctx.monitor.name}}' triggered: '{{ctx.trigger.name}}'"
}

Screenshot 2025-06-23 at 17.21.201580×1458 198 KB

I’ve created and connected the notification channel and also set up the message template, but when I try to test it, an error occurs and the message is not delivered.

It’s possible that only Mustache templates are allowed, while Telegram expects the message in raw JSON format?

im11394×579 39 KB

im2714×471 24.1 KB

Does this work for you?