Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
v.2.16.0
Describe the issue:
I want to thank everyone for helping me as a newbie.
I have most things working as expected. My last challenge is getting the Monitoring ID and the Alert ID sent with the alert message so I can acknowledge them.
I’m getting the correct alerts based on my search and processing them on our backend server.
However, the alerts need to be acknowledged; I have a call to the API using the monitor name to get the monitor id and another call to search for active alerts. Finally, a third call sends the acknowledgment to the API.
Ideally, I would like to get them both dynamically in the alert message so I can acknowledge as part of my process.
I have hard-coded the monitor ID for now, as that should not change.
Looking at this document, Triggers - OpenSearch Documentation,
I see that there is a ctx.alert.id, but that is only for query-level monitors.
There is ctx.alerts for document-level monitors, which shows ctx.alerts.0.finding_ids and ctx.alerts.0.related_doc_ids. I don’t see a ctx.alerts.0.id.
My message so far:
{
  "alerts": {
    "triggerId": "{{ctx.trigger.id}}",
    "triggerName": "{{ctx.trigger.name}}",
    "lastUpdate": "{{ctx.last_update_time}}",
    "periodStart": "{{ctx.periodStart}}",
    "periodEnd": "{{ctx.periodEnd}}",
    "monitorID": "nncKxJxxxxxxxPomred",
    "targetMountPoint": "/dev",
    "documents": [
      {{#ctx.alerts}}
      {{#sample_documents}}
      {
        "index": "{{_index}}",
        "documentId": "{{_id}}",
        "timestamp": "{{_source.@timestamp}}",
        "operation": {
          "action": "{{_source.action}}",
          "path": "{{_source.path}}",
          "fId": "{{_source..fId}}"
        },
        "device": {
          "host": "{{_source.host}}"
        },
        "user": {
          "email": "{{_source.email}}"
        },
        "target": {
          "destination": "{{_source.target.destination}}",
          "process": "{{_source.target.process}}",
          "lastupdate": "{{_source.target.lastupdate}}"
        }
      }{{^-last}}, {{/-last}}
      {{/sample_documents}}
      {{/ctx.alerts}}
    ]
  }
}
Thanks
Harry
Configuration:
Relevant Logs or Screenshots:
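The three-call workflow described in the post (resolve the monitor name to its ID, list active alerts, acknowledge them), as an added example that is not part of the original post. The endpoint paths and response fields follow the OpenSearch Alerting plugin REST API; the function names, the injectable `call` transport and the page size of 100 are assumptions made here.

```python
import json
import urllib.parse
import urllib.request

BASE = "/_plugins/_alerting/monitors"  # Alerting plugin REST prefix

def make_http_call(base_url, headers):
    """Real transport (assumed helper): returns call(method, path, body, params)."""
    def call(method, path, body=None, params=None):
        url = base_url + path + ("?" + urllib.parse.urlencode(params) if params else "")
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(url, data=data, method=method,
                                     headers={"Content-Type": "application/json", **headers})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return call

def find_monitor_id(call, monitor_name):
    # Call 1: resolve the name to an ID; refuse missing or ambiguous matches
    # so an acknowledgment is never sent to the wrong monitor.
    body = {"query": {"match_phrase": {"monitor.name": monitor_name}}}
    hits = call("GET", BASE + "/_search", body=body)["hits"]["hits"]
    ids = [h["_id"] for h in hits
           if h["_source"].get("monitor", h["_source"]).get("name") == monitor_name]
    if len(ids) != 1:
        raise LookupError(f"expected one monitor named {monitor_name!r}, got {len(ids)}")
    return ids[0]

def active_alert_ids(call, monitor_id):
    # Call 2: list alerts for this monitor that are still ACTIVE.
    params = {"monitorId": monitor_id, "alertState": "ACTIVE", "size": 100}
    alerts = call("GET", BASE + "/alerts", params=params).get("alerts", [])
    return [a["id"] for a in alerts
            if a.get("state") == "ACTIVE" and a.get("monitor_id") == monitor_id]

def acknowledge(call, monitor_id, alert_ids):
    # Call 3: acknowledge; returns (acknowledged IDs, failed IDs).
    if not alert_ids:
        return [], []
    path = f"{BASE}/{urllib.parse.quote(monitor_id, safe='')}/_acknowledge/alerts"
    resp = call("POST", path, body={"alerts": alert_ids})
    return resp.get("success", []), resp.get("failed", [])

def acknowledge_by_name(call, monitor_name):
    monitor_id = find_monitor_id(call, monitor_name)
    return acknowledge(call, monitor_id, active_alert_ids(call, monitor_id))
```

Against a real cluster, pass `make_http_call("https://<host>:9200", {"Authorization": "<placeholder>"})` as `call`; the failed list returned by `acknowledge` should be logged rather than dropped.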