Receiving email over triggered alert

Hi, everyone!!
I want to create an alert system which sends an email only if the condition which triggers the sending of the email is matched.
The fact is, when I set a monitor and define the trigger, I receive email depending on the interval defined to run the job, even if the condition is not matched.
I just want the email, only if the condition is matched.

Hi @Squall

What type of monitor do you use?

Hi!!
I use a per query and a per document monitor.
But I don’t merge them to create a composite monitor.

Could you share the output of the following commands?

```
GET _plugins/_alerting/workflows/<workflow_id>
GET _plugins/_alerting/monitors/<monitor_id>
```

This is the output of the `GET _plugins/_alerting/monitors/<monitor_id>` command:

```
{
  "_id": "AQKjF4oBCdmWu7ny9iX7",
  "_version": 2,
  "_seq_no": 30,
  "_primary_term": 2,
  "monitor": {
    "type": "monitor",
    "schema_version": 6,
    "name": "tomcat-esad-watch",
    "monitor_type": "doc_level_monitor",
    "enabled": true,
    "enabled_time": 1692613736148,
    "schedule": {
      "period": {
        "interval": 1,
        "unit": "MINUTES"
      }
    },
    "inputs": [
      {
        "doc_level_input": {
          "description": "",
          "indices": [
            "app2-metrics"
          ],
          "queries": [
            {
              "id": "esadlb1-query",
              "name": "esadlb1-query",
              "query": """NOT (tomcat.esadlb1.heap.usage.used:"9000000000")""",
              "tags": []
            }
          ]
        }
      }
    ],
    "triggers": [
      {
        "document_level_trigger": {
          "id": "_wKjF4oBCdmWu7ny9iTM",
          "name": "esadlb1-trigger",
          "severity": "1",
          "condition": {
            "script": {
              "source": "query[name=esadlb1-query]",
              "lang": "painless"
            }
          },
          "actions": []
        }
      }
    ],
    "last_update_time": 1692613968586,
    "data_sources": {
      "query_index": ".opensearch-alerting-queries",
      "findings_index": ".opensearch-alerting-finding-history-write",
      "findings_index_pattern": "<.opensearch-alerting-finding-history-{now/d}-1>",
      "alerts_index": ".opendistro-alerting-alerts",
      "alerts_history_index": ".opendistro-alerting-alert-history-write",
      "alerts_history_index_pattern": "<.opendistro-alerting-alert-history-{now/d}-1>",
      "query_index_mappings_by_type": {},
      "findings_enabled": false
    },
    "owner": "alerting"
  }
}
```
