2.7.0 (relevant - OpenSearch/Dashboard/Server OS/Browser):
I am trying to create a monitor which sends a notification when there are no messages to a component between 6 am and 10 pm. This component doesn't get messages at night, which is why the alarm should check only from 6 am to 10 pm. I am new to the OpenSearch query language and couldn't write this query. This is the current query I have, which basically alerts when there are no messages in the last 4 hours.
{
  "size": 0,
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "@timestamp": {
              "from": "{{period_end}}||-4h",
              "to": "{{period_end}}",
              "include_lower": true,
              "include_upper": true,
              "format": "epoch_millis",
              "boost": 1
            }
          }
        },
        {
          "term": {
            "ComponentName": {
              "value": "XXXX",
              "boost": 1
            }
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1
    }
  },
  "aggregations": {}
}
Configuration:
Relevant Logs or Screenshots:
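
Added example, not part of the original post: a Python sketch of the gating logic the question asks for. It evaluates the 4-hour "no messages" check only when the whole lookback window lies inside 6 am to 10 pm, and derives a cron schedule that runs only at those hours. It assumes the monitor uses a cron schedule instead of an interval; the timezone, the sample timestamps and all function names are constructed for illustration.

```python
import json
from datetime import date, datetime, time, timedelta

ACTIVE_START = time(6, 0)        # from the post: messages expected from 6 am
ACTIVE_END = time(22, 0)         # ... until 10 pm
LOOKBACK = timedelta(hours=4)    # from the post's range filter: {{period_end}}||-4h
# Painless trigger condition for "the search returned zero hits".
TRIGGER_CONDITION = "ctx.results[0].hits.total.value == 0"

def window_is_active(period_end):
    """True when [period_end - 4h, period_end] lies wholly inside one day's 6am-10pm window."""
    start = period_end - LOOKBACK
    return (start.date() == period_end.date()
            and start.time() >= ACTIVE_START
            and period_end.time() <= ACTIVE_END)

def should_alert(period_end, message_times):
    """Alert only for an active window that contains no message at all."""
    if not window_is_active(period_end):
        return False
    start = period_end - LOOKBACK
    return not any(start <= t <= period_end for t in message_times)

def cron_for_active_window():
    """Hourly runs whose 4h lookback never reaches into the quiet hours."""
    first = (datetime.combine(date(2000, 1, 1), ACTIVE_START) + LOOKBACK).hour
    return f"0 {first}-{ACTIVE_END.hour} * * *"

def monitor_schedule(timezone):
    """Cron schedule block for the monitor; the timezone must match the 6am-10pm local time."""
    return {"cron": {"expression": cron_for_active_window(), "timezone": timezone}}

# Constructed sample: message timestamps for one day, in local time.
SAMPLE = [datetime(2024, 1, 15, 6, 30), datetime(2024, 1, 15, 9, 15),
          datetime(2024, 1, 15, 13, 40)]

if __name__ == "__main__":
    for hour in (3, 7, 10, 14, 18, 22):
        end = datetime(2024, 1, 15, hour)
        print(f"{end:%H:%M} active={window_is_active(end)} alert={should_alert(end, SAMPLE)}")
    # "Europe/Berlin" is a constructed placeholder timezone.
    print(json.dumps(monitor_schedule("Europe/Berlin"), indent=2))
    print("trigger condition:", TRIGGER_CONDITION)
```

With this schedule the existing query stays unchanged: the first run at 10:00 looks back to 06:00 and the last run at 22:00 looks back to 18:00, so no evaluation ever covers the night.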