Modify REST API for get alerts

Hi, I want to update the REST API used for fetching alerts so that it includes other fields related to that alert in the API response. Can anybody let me know whether it is possible or not? If yes, how can this be done?

Hi @poojamehta_ids,

If you mean that you’d like modify the Alerts themselves so they contain additional information and then have that reflected in the Get Alerts REST API response then you can add the additional information/fields you want stored to the Alert data class and then update the toXContent and parse so that data can be indexed and subsequently read back.

You might also want to update the alert mapping so it recognizes the field the way you want it to.

The Get Alerts API is essentially returning a search response format of the fetched Alerts so these changes should be sufficient to have those additions reflected in there.

If you have a specific example, I might be able to provide further assistance if the approach above isn’t what you’re looking for.

@qreshi Thanks, this helps. Can you please let me know any specific index from which they are fetching Alerts related data, so I can add fields to the Alert data class accordingly.

@poojamehta_ids,

Active Alerts are stored in .opendistro-alerting-alerts and if the alert history option is enabled, COMPLETED/DELETED Alerts will be moved to history indices of the pattern.opendistro-alerting-alert-history*.

All of those indices use the alert_mapping.json mapping I linked above. If you do update this mapping, I suggest also incrementing the schema version so if you upgrade to a version of Alerting with your changes while already having Alerting and its indices present on a cluster, it will recognize the update.

1 Like