We want a moniter created by checking for the memoryPercent value from the documents retrieved after running the query

SanJan · August 31, 2023, 2:22am

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
v 2.7.0

Describe the issue:
We want a moniter created by checking for the memoryPercent value from the documents retrieved after running the query for the oc_xxxx_log index in our Opensearch.
once we get the results for the documents, we need to set a condition where memoryPercent > 3 that is present under the field “message” :

Currently we have exposed the memoryPercent field outside the container field.

I’m seeing this tough to configure and need help from someone how to get this done.

Configuration:

Relevant Logs or Screenshots:

gaobinlong · August 31, 2023, 6:57am

You can create a per query monitor and use Extraction query editor, define your query DSL, and then create a trigger, the trigger condition can be like:

for (hit in ctx.results[0].hits.hits)
{
    if (hit._source.memoryPercent!=null && hit._source.memoryPercent>3) {
        return true;
}
}
return false;

,click the Preview condition response button to test the condition.

SanJan · August 31, 2023, 12:40pm

Thanks [gaobinlong]… This looks good. I’ll configure and test using this method.

Topic		Replies	Views
Create Monitor Condition for per document monitor if query having field which contains value `greater than` or `less than` particular value Alerting discuss	0	269	December 12, 2022
Extraction query response limited to 10000 hits Alerting	3	5606	May 6, 2020
Creating Detectors Reporting Plugin	0	264	December 7, 2022
Opensearch Anomaly Detector Custom Expressions OpenSearch Dashboards anomaly-detection	7	144	April 3, 2024
Losing top documents when query reaches the `terminate_after` limit OpenSearch troubleshoot	3	246	November 3, 2023

We want a moniter created by checking for the memoryPercent value from the documents retrieved after running the query

Related Topics