Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OpenSearch 2.9.0
OpenSearch Dashboard 2.9.0
Describe the issue:
I have an OpenSearch index that keeps indexing data for the following fields every 15 minutes: requestorName, accountName, endpoint and health.
Example:
1) RSSRequestor, account1, http:///…1.rss, UP
2) RSSRequestor, account2, http:///…2.rss, DOWN
3) DataRequestor, account1, http:///…any.com, DOWN
I want to generate alerts that send an individual email notification when the health of a requestor is DOWN.
For the above example it should send 2 emails:
1) RssRequestor, account2 having endpoint http:///…2.rss is DOWN
2) DataRequestor, account1 having endpoint http:///…any.com is DOWN
One requestor can have several accounts and each account can have multiple endpoints. I want to generate an individual email for each requestor for all endpoints that are down. I also want to send an alert if the endpoint is back UP. Can you provide a full example of how to use OpenSearch alerts for this scenario?
I tried using a per query monitor but it sends only a single alert.
Questions
Which monitor should I use? Can you guide me on how to send multiple email notifications, one for each requester that is down?
I also want to send an email after the requester is back UP.
I tried the query monitor below:
{
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "health.keyword": {
              "value": "DOWN",
              "boost": 1
            }
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1
    }
  }
}
Hello @darshita, welcome to the forum!
I just want to understand your requirement a little better.
+---------------+-------------+-------------------+--------+
| requestorName | accountName | endpoint | health |
+---------------+-------------+-------------------+--------+
| RSSRequestor | account1 | http:///…1.rss | UP |
| RSSRequestor | account1 | http:///…2.rss | DOWN |
| RSSRequestor | account2 | http:///…1.rss | DOWN |
| RSSRequestor | account2 | http:///…2.rss | DOWN |
| DataRequestor | account1 | http:///…any1.com | DOWN |
| DataRequestor | account1 | http:///…any2.com | DOWN |
+---------------+-------------+-------------------+--------+
Would you want 2 alerts (for each requestor, regardless of which account)?
Or would you want 3 alerts (for each requestor / account combination)?
BR,
Andreas
Thank you for the quick reply @AESthetix256.
Please guide me on this. Can this be completely achieved using the OpenSearch alert plugin?
To make it clearer, we also have a timestamp field in this index, so the more recent status is considered the final status.
+---------------+-------------+-------------+--------+------------------+
| requestorName | accountName | endpoint    | health | timestamp        |
+---------------+-------------+-------------+--------+------------------+
| RSSRequestor  | account1    | url…1.rss   | UP     | 04-10-2023 11:30 |
| RSSRequestor  | account1    | url…2.rss   | DOWN   | 04-10-2023 11:00 |
| RSSRequestor  | account2    | url…1.rss   | DOWN   | 04-10-2023 11:00 |
| RSSRequestor  | account3    | url…3.rss   | UP     | 04-10-2023 11:00 |
| DataRequestor | account1    | url…any1com | DOWN   | 04-10-2023 11:00 |
| DataRequestor | account1    | url…any2com | DOWN   | 04-10-2023 11:00 |
+---------------+-------------+-------------+--------+------------------+
Considering the above data, it should generate 2 emails at 11:00 AM.
1) Email1 - Subject: Health for RSS requestor is down.
Details
RSS requestor
Account1 - URL - DOWN
Account2 - URL - DOWN
Note: we don't need account3 and its endpoint here as it's already UP at 11:00 AM.
2) Email2 - Subject: Health for DataRequestor is down.
account1 - url…any1com DOWN
account1 - url…any2com DOWN
After 11:00 AM, the endpoint url…1.rss becomes accessible again (UP again) at 11:30 AM. In that case it should again generate an email for RSSRequestor.
1) Email1 - Subject: Health for RSS requestor is again UP.
Details
RSS requestor
Account1 - URL - UP
(We want to include only accounts/endpoints that were previously down and are now up.)
Can anyone please help with this? Is this really possible via the OpenSearch alert plugin?
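The grouping rule described in the post above, written out as an added Python example; it is not part of the thread and is not OpenSearch Alerting configuration. It assumes a day-month-year timestamp, constructed endpoint URLs, hypothetical function names, and that an email is wanted only when an endpoint changes state between two runs.

```python
from collections import defaultdict
from datetime import datetime

TS_FORMAT = "%d-%m-%Y %H:%M"  # assumed day-month-year, as in the thread's table

# Constructed sample documents using the thread's field order:
# requestorName, accountName, endpoint, health, timestamp.
DOCS = [
    ("RSSRequestor", "account1", "https://feeds.example/1.rss", "DOWN", "04-10-2023 11:00"),
    ("RSSRequestor", "account2", "https://feeds.example/2.rss", "DOWN", "04-10-2023 11:00"),
    ("RSSRequestor", "account3", "https://feeds.example/3.rss", "UP", "04-10-2023 11:00"),
    ("DataRequestor", "account1", "https://data.example/any1", "DOWN", "04-10-2023 11:00"),
    ("DataRequestor", "account1", "https://data.example/any2", "DOWN", "04-10-2023 11:00"),
    ("RSSRequestor", "account1", "https://feeds.example/1.rss", "UP", "04-10-2023 11:30"),
]


def latest_state(docs, as_of):
    """Newest health per (requestor, account, endpoint) at or before as_of."""
    newest = {}
    for requestor, account, endpoint, health, ts in docs:
        when = datetime.strptime(ts, TS_FORMAT)
        key = (requestor, account, endpoint)
        if when <= as_of and (key not in newest or when >= newest[key][0]):
            newest[key] = (when, health)
    return {key: health for key, (when, health) in newest.items()}


def notifications(previous, current):
    """Group state changes into one message per (requestor, new health)."""
    grouped = defaultdict(list)
    for (requestor, account, endpoint), health in sorted(current.items()):
        before = previous.get((requestor, account, endpoint))
        newly_down = health == "DOWN" and before != "DOWN"
        recovered = health == "UP" and before == "DOWN"  # only endpoints seen DOWN earlier
        if newly_down or recovered:
            grouped[(requestor, health)].append((account, endpoint))
    return dict(grouped)


if __name__ == "__main__":
    previous = {}
    for run in ("04-10-2023 11:00", "04-10-2023 11:30"):
        current = latest_state(DOCS, datetime.strptime(run, TS_FORMAT))
        for (requestor, health), items in notifications(previous, current).items():
            print(f"{run} Health for {requestor} is {health}:")
            for account, endpoint in items:
                print(f"  {account} - {endpoint} - {health}")
        previous = current
```

Each key of the returned dictionary corresponds to one email: the requestor and direction form the subject, and the list holds the account/endpoint lines for the body.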