OpenSearch version 1.3.2
Hi all,
I have RDS databases in AWS and need monitoring for “low storage”. The CloudWatch alarms flow into OpenSearch. There I have to configure an alarm with a query and a trigger, but I'm not really sure how to do it.
For the query I used this:
```json
{
  "size": 20,
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "@timestamp": {
              "from": "{{period_end}}||-2m",
              "to": "{{period_end}}",
              "include_lower": true,
              "include_upper": true,
              "format": "epoch_millis",
              "boost": 1
            }
          }
        },
        {
          "query_string": {
            "query": "detail.EventCategories:\"low storage\"",
            "fields": [],
            "type": "best_fields",
            "default_operator": "or",
            "max_determinized_states": 10000,
            "enable_position_increments": true,
            "fuzziness": "AUTO",
            "fuzzy_prefix_length": 0,
            "fuzzy_max_expansions": 50,
            "phrase_slop": 0,
            "escape": false,
            "auto_generate_synonyms_phrase_query": true,
            "fuzzy_transpositions": true,
            "boost": 1
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1
    }
  },
  "aggregations": {}
}
```
For the trigger, I found the following in this forum, but it doesn't work for me:
```painless
// OpenSearch Alerting exposes each input's search response as ctx.results[i]
// (ctx.payload is Elastic Watcher syntax and is not defined here).
for (hit in ctx.results[0].hits.hits) {
  // fire as soon as one hit carries an RDS event message
  if (hit._source?.detail?.Message != null) {
    return true;
  }
}
return false;
```
I think this is an alarm which is used very often for RDS instances?
Does anyone have an example for me of how it should look?
Thanks in advance,
MAT
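Added example (not part of the original post and not OpenSearch project code) of how such a query-level monitor can be assembled and its trigger condition checked offline before it is saved. It assumes the RDS events are indexed under a constructed index pattern `rds-events-*` and that the event body sits under `detail`, as in the query above; the trigger reads `ctx.results[0]`, which is where OpenSearch Alerting places the first input's search response.

```python
"""Build an OpenSearch Alerting monitor for the RDS "low storage" event and
mirror its trigger condition in Python so the logic can be checked offline.
Index pattern, monitor names and the sample responses are constructed."""
import base64
import json
import urllib.request


def build_monitor(index_pattern="rds-events-*", lookback_minutes=2):
    """Return the body for POST _plugins/_alerting/monitors.

    The search phrase is quoted: an unquoted `low storage` in query_string
    means `EventCategories:low OR storage` (the second word is searched in
    the default fields), which matches far more than intended.
    """
    return {
        "type": "monitor",
        "name": "rds-low-storage",          # constructed name
        "monitor_type": "query_level_monitor",
        "enabled": True,
        "schedule": {"period": {"interval": 1, "unit": "MINUTES"}},
        "inputs": [{
            "search": {
                "indices": [index_pattern],
                "query": {
                    "size": 20,
                    "query": {"bool": {"filter": [
                        {"range": {"@timestamp": {
                            # {{period_end}} is substituted by Alerting at run time
                            "gte": f"{{{{period_end}}}}||-{lookback_minutes}m",
                            "lte": "{{period_end}}",
                            "format": "epoch_millis",
                        }}},
                        {"query_string": {
                            "query": 'detail.EventCategories:"low storage"',
                        }},
                    ]}},
                },
            }
        }],
        "triggers": [{
            "name": "low-storage-seen",
            "severity": "1",
            "condition": {"script": {
                # each input's response is ctx.results[i]; ctx.payload (Watcher
                # syntax) is undefined in OpenSearch trigger scripts
                "source": "ctx.results[0].hits.total.value > 0",
                "lang": "painless",
            }},
            "actions": [],  # attach a destination/channel action here
        }],
    }


def trigger_fires(search_response):
    """Python mirror of the trigger logic: at least one hit, and that hit
    carries an RDS event message (the per-hit check from the forum script)."""
    hits = search_response["hits"]
    if hits["total"]["value"] == 0:
        return False
    return any(
        (h.get("_source") or {}).get("detail", {}).get("Message") is not None
        for h in hits["hits"]
    )


def create_monitor(base_url, body, user=None, password=None):
    """POST the monitor body to a cluster (not exercised by the offline checks)."""
    req = urllib.request.Request(
        f"{base_url}/_plugins/_alerting/monitors",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", f"Basic {token}")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample responses shaped like ctx.results[0].
SAMPLE_LOW_STORAGE = {"hits": {"total": {"value": 1, "relation": "eq"}, "hits": [{
    "_source": {
        "@timestamp": "2024-01-01T00:00:00Z",
        "detail": {
            "EventCategories": ["low storage"],
            "Message": "The free storage capacity for DB instance: db-example is low.",
        },
    },
}]}}
SAMPLE_EMPTY = {"hits": {"total": {"value": 0, "relation": "eq"}, "hits": []}}

if __name__ == "__main__":
    print(json.dumps(build_monitor(), indent=2))
    print("fires on low-storage event:", trigger_fires(SAMPLE_LOW_STORAGE))
    print("fires on empty result:", trigger_fires(SAMPLE_EMPTY))
```

Run it to print the monitor body, then send that body to the cluster (or paste it into the Alerting UI); the Python `trigger_fires` only mirrors the painless condition, so the live trigger is still the `ctx.results[0]...` script inside the body.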