I have an alert rule which uses per bucket monitor, it is scheduled to run every 5 minutes.
I use bucket aggregation.
my trigger condition
{
“buckets_path”: {
“doc_count”: “_count”
},
“parent_bucket_path”: “node_status”,
“script”: {
“source”: “params.doc_count > 0”,
“lang”: “painless”
},
“gap_policy”: “skip”
}
In action i have something like this
{{#ctx.newAlerts}} {{bucket_keys}} {{/ctx.newAlerts}}{{#ctx.dedupedAlerts}} {{bucket_keys}} {{/ctx.dedupedAlerts}}
I have single alert notified if alerts have same timestamp.
I dont want that. I want different documents to be sent in different alerts.
is there anyway I can send separate alerts in this case?