Import detection rules

Is it possible to import predefined and user-defined detection rules from Elasticsearch into OpenSearch?


As per OpenSearch documentation, there is no mechanism to import detection rules.

So, if we want to re-use already created rules, how can we use them in OpenSearch?

Moved from Security category to Alerting.

Hi @poojamehta_ids,

Currently, Alerting does not support importing or exporting Monitors in Elasticsearch and OpenSearch.
This is a feature that has been requested and we do plan to release this feature.
You can track the release of the feature through this GitHub issue.
Do note that this import and export feature will only be there for the first version of OpenSearch the feature is released for and future versions.

To solve your specific problem, you can use the searchMonitor API on the Elasticsearch cluster to get all of your monitor data. Then extract out the contents under "_source" from each hit in the response, which will give you the monitor object information needed to rebuild the monitor in the OpenSearch cluster. Then use the createMonitor API with the monitor object information that was extracted to recreate the monitor.
You may have to do some tweaks to ensure the monitor behaves the same.

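The extract-and-recreate procedure from the reply above, as an added example that is not part of the original thread or of the OpenSearch project's code. The REST paths, the dropped timestamp fields, the `type` filter and the sample response are assumptions; the script only builds the createMonitor requests and lists the destination IDs that will not exist on the new cluster, so alerts are not left pointing at a missing destination.

```python
import copy
import json

# Assumed REST paths (not given in the thread): the search response comes from
# GET /_opendistro/_alerting/monitors/_search; monitors are created with POST here.
CREATE_PATH = "/_plugins/_alerting/monitors"
# Assumption: these timestamps are set by the server and can be dropped.
SERVER_SET_FIELDS = ("enabled_time", "last_update_time")

# Constructed sample of a searchMonitor response, not real cluster output.
SAMPLE_RESPONSE = {"hits": {"hits": [
    {"_id": "mon-1", "_source": {
        "type": "monitor", "name": "failed-logins", "enabled": True,
        "enabled_time": 1600000000000, "last_update_time": 1600000000000,
        "schedule": {"period": {"interval": 5, "unit": "MINUTES"}},
        "inputs": [{"search": {"indices": ["auth-*"],
                               "query": {"query": {"match_all": {}}}}}],
        "triggers": [{"name": "too-many", "severity": "1",
                      "condition": {"script": {"lang": "painless",
                          "source": "ctx.results[0].hits.total.value > 10"}},
                      "actions": [{"name": "notify",
                                   "destination_id": "dest-old-1"}]}]}},
    {"_id": "dest-old-1", "_source": {"type": "destination", "name": "ops"}},
]}}

def extract_monitors(search_response):
    """Return the object under "_source" of each hit that is a monitor."""
    hits = search_response.get("hits", {}).get("hits", [])
    return [h["_source"] for h in hits
            if h.get("_source", {}).get("type") == "monitor"]

def prepare_for_create(monitor):
    """Copy a monitor, drop server-set fields, list destination ids it uses."""
    body = copy.deepcopy(monitor)
    for field in SERVER_SET_FIELDS:
        body.pop(field, None)
    dest_ids = sorted({a["destination_id"]
                       for t in body.get("triggers", [])
                       for a in t.get("actions", []) if "destination_id" in a})
    return body, dest_ids

def plan_migration(search_response):
    """One createMonitor request per monitor, plus ids to remap by hand."""
    plan = []
    for monitor in extract_monitors(search_response):
        body, dest_ids = prepare_for_create(monitor)
        plan.append({"method": "POST", "path": CREATE_PATH,
                     "body": json.dumps(body), "remap_destinations": dest_ids})
    return plan
```

Each entry in the returned plan can be sent to the OpenSearch cluster once the IDs in `remap_destinations` have been replaced with destinations that exist there.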