Need multiple filter condition for alerting during create monitor

sowmiyapj · December 2, 2021, 8:06am

Hi,
I am using an elasticsearch and kibana opendistro images of version 1.13.1.

I have 4 CPEs [CPE01, CPE02, CPE03, CPE04] and connected 4 interfaces [ETH00, ETH01, LAN00, LAN01] for each CPE’s. I had downed one of the CPEs interface[For example ETH00] and i get a log message in kibana as ETH00: Link is Down in syslog_message field and <158>Dec 2 07:14:01 cpe-base root: ETH00: Link is Down in message field

I created one monitor and trigger to check which interface is down using the visuals graph as follows when COUNT() OVER all documents FOR THE Last 1 hour(s) WHERE syslog_message is ETH00: Link is Down. Created an trigger and action as email destination.

My requirement is:
1) How can i know which CPEs ETH00 interface is down and i need to dynamically pass that CPEs IP in email subject and in mustache template.
2) How to add multiple filters during create monitor.

jathin12 · December 2, 2021, 2:40pm

you can generate aggregations using bucket level monitors, below is a example.

during trigger condition you can write painless script and update ctx.results object
and then in actions you can use mustache templates to generate email in the format you need.

i cant find good examples for them in opensearch docs, but they pretty much work the same as elasticsearch alerts and you can check their docs and examples.

Topic		Replies	Views
2 configured triggers in Alert, but only 1 trigger is getting triggered Alerting	1	612	October 26, 2021
Support multiple inputs for a Monitor Alerting	5	1265	August 31, 2020
Alerting Mechanism in OD for Kibana Open Source Elasticsearch and Kibana	2	776	September 1, 2020
Email alerting in Kibana not getting more data Alerting	1	716	December 27, 2021
Manage Your Open Distro for Elasticsearch Alerting Monitors With odfe-monitor-cli \| Open Distro General Feedback	1	860	February 7, 2023

Need multiple filter condition for alerting during create monitor

Related topics