Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
2.4.0
CentOS 7
Describe the issue:
New alerts are not generated for a trigger while an existing acknowledged alert is still present on that trigger.
Configuration:
{
  "name": "Ipmi-monitor",
  "type": "monitor",
  "monitor_type": "query_level_monitor",
  "enabled": true,
  "schedule": {
    "period": {
      "unit": "MINUTES",
      "interval": 5
    }
  },
  "inputs": [
    {
      "search": {
        "indices": [
          "syslog-ng-dc4"
        ],
        "query": {
          "query": {
            "query_string": {
              "query": "NOT (PRIORITY:info) AND (PROGRAM: ipmi)",
              "fields": [],
              "type": "best_fields",
              "default_operator": "or",
              "max_determinized_states": 10000,
              "enable_position_increments": true,
              "fuzziness": "AUTO",
              "fuzzy_prefix_length": 0,
              "fuzzy_max_expansions": 50,
              "phrase_slop": 0,
              "escape": false,
              "auto_generate_synonyms_phrase_query": true,
              "fuzzy_transpositions": true,
              "boost": 1
            }
          }
        }
      }
    }
  ],
  "triggers": [
    {
      "query_level_trigger": {
        "id": "ZoC68YQBhZCVQ7W0rUan",
        "name": "ipmi-query-trigger",
        "severity": "1",
        "condition": {
          "script": {
            "source": "ctx.results[0].hits.total.value > 0",
            "lang": "painless"
          }
        },
        "actions": []
      }
    },
    {
      "query_level_trigger": {
        "id": "8TZoBYUBTM5_bigcFNtt",
        "name": "ipmi-query-trigger-1",
        "severity": "1",
        "condition": {
          "script": {
            "source": "ctx.results[0].hits.total.value > 0",
            "lang": "painless"
          }
        },
        "actions": []
      }
    }
  ],
  "ui_metadata": {
    "schedule": {
      "timezone": null,
      "frequency": "interval",
      "period": {
        "unit": "MINUTES",
        "interval": 5
      },
      "daily": 0,
      "weekly": {
        "tue": false,
        "wed": false,
        "thur": false,
        "sat": false,
        "fri": false,
        "mon": false,
        "sun": false
      },
      "monthly": {
        "type": "day",
        "day": 1
      },
      "cronExpression": "0 */1 * * *"
    },
    "monitor_type": "query_level_monitor",
    "search": {
      "searchType": "query",
      "timeField": "",
      "aggregations": [],
      "groupBy": [],
      "bucketValue": 1,
      "bucketUnitOfTime": "h",
      "where": {
        "fieldName": [],
        "fieldRangeEnd": 0,
        "fieldRangeStart": 0,
        "fieldValue": "",
        "operator": "is"
      }
    }
  }
}
Relevant Logs or Screenshots: