I’m trying to set up alerting for some monitors I have, and I want to integrate this with Zabbix, because we have some colleagues who can access only Zabbix and we try to have everything alerted by Zabbix. Specifically, I want Zabbix to trigger alerts based on data from an OpenSearch API.
My questions are:
Should I configure Zabbix to directly query the OpenSearch API and generate alerts within Zabbix?
Or is it better to handle the alerting inside OpenSearch and then send notifications to Zabbix via a webhook or similar method?
If anyone has experience with this kind of setup, I’d really appreciate your advice or recommendations on best practices.
Keep in mind that Dashboards also has alerting (hm, probably that is what you are referring to also). Maybe it would be easier to alert inside the OpenSearch/Dashboards family and use a notification channel to Zabbix (if possible; I do not know this).
Yes, that’s what I’m using now—dashboard alerting with a notification-channel webhook to Zabbix. I wasn’t able to find a reliable API query that would let me generate alerts automatically.
Personally I would opt for querying OpenSearch and triggering on Zabbix.
I’d first think of a few items. Zabbix alerts will query based on an item; this item is stored in the Zabbix server database and can be used to create triggers against. One main thing to consider would be how many items will be created, and how often the interval will be set to query OpenSearch.
Then think about how complex the query will be to gather the data for the item. I assume you will be creating custom checks for these items?
Then the triggers can be created and you can have alerts from there.
A couple of other options you could use are Alerting or Security Analytics in OpenSearch.
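
The custom-check approach discussed in the replies above (Zabbix polls OpenSearch and stores the result as an item), as an added example that is not part of the original thread: a script that asks the OpenSearch `_count` API how many documents matched in a recent window and prints that number for a numeric item. The script name, the `OPENSEARCH_AUTH` environment variable, the `@timestamp` field and the sample index and field names are assumptions.

```python
#!/usr/bin/env python3
"""Zabbix custom-check sketch: print the number of matching OpenSearch documents."""
import json
import os
import sys
import urllib.request


def build_count_query(field, value, window="5m"):
    """Body for POST /<index>/_count: exact match on one field within a time window."""
    return {"query": {"bool": {"filter": [
        {"term": {field: value}},
        {"range": {"@timestamp": {"gte": f"now-{window}"}}},  # assumed time field
    ]}}}


def parse_count(body):
    """Return the count, refusing partial results so a failed shard is not read as 0."""
    doc = json.loads(body)
    failed = doc.get("_shards", {}).get("failed", 0)
    if failed:
        raise ValueError(f"{failed} shard(s) failed, count is incomplete")
    count = doc["count"]
    if isinstance(count, bool) or not isinstance(count, int) or count < 0:
        raise ValueError(f"unexpected count value: {count!r}")
    return count


def fetch_count(base_url, index, query, auth_header, timeout=10):
    """Send the query over HTTPS (default certificate verification stays on)."""
    req = urllib.request.Request(
        f"{base_url}/{index}/_count",
        data=json.dumps(query).encode(),
        headers={"Content-Type": "application/json", "Authorization": auth_header},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_count(resp.read())


if __name__ == "__main__":
    # Hypothetical usage: opensearch_count.py https://opensearch.example:9200 app-logs level error
    try:
        url, index, field, value = sys.argv[1:5]
        # Credential comes from the environment, not argv, so it is not visible in `ps`.
        print(fetch_count(url, index, build_count_query(field, value),
                          os.environ["OPENSEARCH_AUTH"]))
    except Exception as exc:  # any failure must not be reported as a numeric 0
        print(f"query failed: {exc}", file=sys.stderr)
        sys.exit(1)
```

A trigger on the resulting item can then fire when the value is above the chosen threshold; keeping the window in the query close to the item's polling interval avoids counting the same events in several polls.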