OpenSearch monitor alerting query

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): 2.7.0

I am trying to create a monitor which sends a notification when there are no messages to a component between 6 am and 10 pm at night. This component doesn't get messages during the night, so that's the reason the alarm should check only from 6 am to 10 pm. I am new to the OpenSearch query language and couldn't write this query. This is the current query which I have, which basically alerts when there are no messages in the last 4 hours.

{
    "size": 0,
    "query": {
        "bool": {
            "filter": [
                {
                    "range": {
                        "@timestamp": {
                            "from": "{{period_end}}||-4h",
                            "to": "{{period_end}}",
                            "include_lower": true,
                            "include_upper": true,
                            "format": "epoch_millis",
                            "boost": 1
                        }
                    }
                },
                {
                    "term": {
                        "ComponentName": {
                            "value": "XXXX",
                            "boost": 1
                        }
                    }
                }
            ],
            "adjust_pure_negative": true,
            "boost": 1
        }
    },
    "aggregations": {}
}

@sonu Did you consider cron to control the execution time?

i.e.:

0 6-22 * * *
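Putting the two pieces of this thread together, as an added example (not code from either poster or from the OpenSearch project): the posted range filter with a 4-hour lookback, wrapped in a query-level monitor definition that uses the suggested cron schedule, plus a small check of how the lookback interacts with the schedule. The monitor body follows the Alerting API shape (schedule.cron, inputs[].search, triggers[].condition); the index pattern, timezone and the empty actions list are placeholders. The check is worth running before enabling the monitor: a run at 06:00 with a 4-hour lookback queries 02:00-06:00, which is exactly the period in which the component is never expected to send anything, so the early-morning runs would alert on a healthy component unless the lookback is shortened or the schedule starts later.

```python
"""Query-level monitor on a business-hours cron schedule.

Added example for this thread, not from the original post or from OpenSearch.
Index pattern, timezone and actions are placeholders; adjust before use.
"""
import json

LOOKBACK_HOURS = 4                 # the "||-4h" in the posted range filter
CRON_EXPRESSION = "0 6-22 * * *"   # suggested schedule: hourly, 06:00 .. 22:00
QUIET_START, QUIET_END = 22, 6     # hours in which no messages are expected


def monitor_body(component: str, index: str = "logs-*", timezone: str = "UTC") -> dict:
    """Monitor definition equivalent to the posted query, run on a cron schedule."""
    return {
        "type": "monitor",
        "name": f"no-messages-{component}",
        "monitor_type": "query_level_monitor",
        "enabled": True,
        "schedule": {"cron": {"expression": CRON_EXPRESSION, "timezone": timezone}},
        "inputs": [{
            "search": {
                "indices": [index],          # placeholder index pattern
                "query": {
                    "size": 0,
                    "query": {"bool": {"filter": [
                        {"range": {"@timestamp": {
                            "gte": f"{{{{period_end}}}}||-{LOOKBACK_HOURS}h",
                            "lte": "{{period_end}}",
                            "format": "epoch_millis",
                        }}},
                        {"term": {"ComponentName": component}},
                    ]}},
                },
            }
        }],
        "triggers": [{
            "name": "no-messages",
            "severity": "1",
            # fire when the lookback window returned no documents at all
            "condition": {"script": {
                "source": "ctx.results[0].hits.total.value == 0",
                "lang": "painless",
            }},
            "actions": [],               # notification channel goes here
        }],
    }


def cron_hours(expression: str) -> list[int]:
    """Expand the hour field of a five-field cron expression ("6-22", "*/6", "6,12")."""
    field = expression.split()[1]
    hours: set[int] = set()
    for part in field.split(","):
        step = 1
        if "/" in part:
            part, step_text = part.split("/")
            step = int(step_text)
        if part == "*":
            lo, hi = 0, 23
        elif "-" in part:
            lo, hi = (int(x) for x in part.split("-"))
        else:
            lo = hi = int(part)
        hours.update(range(lo, hi + 1, step))
    return sorted(hours)


def quiet_hours(start: int = QUIET_START, end: int = QUIET_END) -> set[int]:
    """Hour indices in the quiet period [start, end), wrapping past midnight."""
    out, h = set(), start
    while h != end:
        out.add(h)
        h = (h + 1) % 24
    return out


def runs_that_see_quiet_hours(expression: str = CRON_EXPRESSION,
                              lookback: int = LOOKBACK_HOURS) -> list[int]:
    """Run hours whose lookback window covers any hour with no expected traffic.

    Each run listed here would raise a "no messages" alert on a healthy component.
    """
    quiet = quiet_hours()
    noisy_runs = []
    for run in cron_hours(expression):
        covered = {(run - k) % 24 for k in range(1, lookback + 1)}  # hours run-lookback .. run-1
        if covered & quiet:
            noisy_runs.append(run)
    return noisy_runs


if __name__ == "__main__":
    print(json.dumps(monitor_body("XXXX"), indent=2))
    print("runs that look back into the quiet period:", runs_that_see_quiet_hours())
```

With the values from this thread the check reports the 06:00, 07:00, 08:00 and 09:00 runs; either start the cron at 10 (`0 10-22 * * *`) with the 4-hour lookback, or shorten the lookback to 1 hour and start at 7, and the list is empty.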

Hi Pablo, no. Can we also do this with a cron job? Do you mean the search query with a cron job? Can you please explain a bit more?

@sonu I've just fixed the documentation link in my last post. Please review it.
You can configure the alert to run with a custom cron expression.

No problem!

Thank you Pablo for the cron expression!!
