Alerting API

Use the alerting API to programmatically manage monitors and alerts.




Create query-level monitor

Introduced 1.0

Query-level monitors run the query and check whether the results should trigger any alerts. As such, query-level monitors can only trigger one alert at a time. For more information about query-level monitors versus bucket-level monitors, see Create monitors.

Request

  1. POST _plugins/_alerting/monitors
  2. {
  3. "type": "monitor",
  4. "name": "test-monitor",
  5. "monitor_type": "query_level_monitor",
  6. "enabled": true,
  7. "schedule": {
  8. "period": {
  9. "interval": 1,
  10. "unit": "MINUTES"
  11. }
  12. },
  13. "inputs": [{
  14. "search": {
  15. "indices": ["movies"],
  16. "query": {
  17. "size": 0,
  18. "aggregations": {},
  19. "query": {
  20. "bool": {
  21. "filter": {
  22. "range": {
  23. "@timestamp": {
  24. "gte": "||-1h",
  25. "lte": "",
  26. "format": "epoch_millis"
  27. }
  28. }
  29. }
  30. }
  31. }
  32. }
  33. }
  34. }],
  35. "triggers": [{
  36. "name": "test-trigger",
  37. "severity": "1",
  38. "condition": {
  39. "script": {
  40. "source": "ctx.results[0].hits.total.value > 0",
  41. "lang": "painless"
  42. }
  43. },
  44. "actions": [{
  45. "name": "test-action",
  46. "destination_id": "ld7912sBlQ5JUWWFThoW",
  47. "message_template": {
  48. "source": "This is my message body."
  49. },
  50. "throttle_enabled": true,
  51. "throttle": {
  52. "value": 27,
  53. "unit": "MINUTES"
  54. },
  55. "subject_template": {
  56. "source": "TheSubject"
  57. }
  58. }]
  59. }]
  60. }

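If you use a custom webhook for your destination and need to embed JSON in the message body, be sure to escape your quotes. The source value is itself a JSON string, so every double quote inside it must be preceded by a backslash; an unescaped quote ends the string early and makes the request body invalid JSON: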

  1. {
  2. "message_template": {
  3. "source": "{ \"text\": \"Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue. - Trigger: {{ctx.trigger.name}} - Severity: {{ctx.trigger.severity}} - Period start: {{ctx.periodStart}} - Period end: {{ctx.periodEnd}}\" }"
  4. }
  5. }

Sample response

  1. {
  2. "_id": "vd5k2GsBlQ5JUWWFxhsP",
  3. "_version": 1,
  4. "_seq_no": 7,
  5. "_primary_term": 1,
  6. "monitor": {
  7. "type": "monitor",
  8. "schema_version": 1,
  9. "name": "test-monitor",
  10. "enabled": true,
  11. "enabled_time": 1562703611363,
  12. "schedule": {
  13. "period": {
  14. "interval": 1,
  15. "unit": "MINUTES"
  16. }
  17. },
  18. "inputs": [{
  19. "search": {
  20. "indices": [
  21. "movies"
  22. ],
  23. "query": {
  24. "size": 0,
  25. "query": {
  26. "bool": {
  27. "filter": [{
  28. "range": {
  29. "@timestamp": {
  30. "from": "||-1h",
  31. "to": "",
  32. "include_lower": true,
  33. "include_upper": true,
  34. "format": "epoch_millis",
  35. "boost": 1
  36. }
  37. }
  38. }],
  39. "adjust_pure_negative": true,
  40. "boost": 1
  41. }
  42. },
  43. "aggregations": {}
  44. }
  45. }
  46. }],
  47. "triggers": [{
  48. "id": "ud5k2GsBlQ5JUWWFxRvi",
  49. "name": "test-trigger",
  50. "severity": "1",
  51. "condition": {
  52. "script": {
  53. "source": "ctx.results[0].hits.total.value > 0",
  54. "lang": "painless"
  55. }
  56. },
  57. "actions": [{
  58. "id": "ut5k2GsBlQ5JUWWFxRvj",
  59. "name": "test-action",
  60. "destination_id": "ld7912sBlQ5JUWWFThoW",
  61. "message_template": {
  62. "source": "This is my message body.",
  63. "lang": "mustache"
  64. },
  65. "throttle_enabled": false,
  66. "subject_template": {
  67. "source": "Subject",
  68. "lang": "mustache"
  69. }
  70. }]
  71. }],
  72. "last_update_time": 1562703611363
  73. }
  74. }

If you want to specify a timezone, you can do so by including a cron expression with a timezone name in the schedule section of your request.

The following example creates a monitor that runs at 12:10 PM Pacific Time on the 1st day of every month.

Request

  1. {
  2. "type": "monitor",
  3. "name": "test-monitor",
  4. "monitor_type": "query_level_monitor",
  5. "enabled": true,
  6. "schedule": {
  7. "cron" : {
  8. "expression": "10 12 1 * *",
  9. "timezone": "America/Los_Angeles"
  10. }
  11. },
  12. "inputs": [{
  13. "search": {
  14. "indices": ["movies"],
  15. "query": {
  16. "size": 0,
  17. "aggregations": {},
  18. "query": {
  19. "bool": {
  20. "filter": {
  21. "range": {
  22. "@timestamp": {
  23. "gte": "||-1h",
  24. "lte": "",
  25. "format": "epoch_millis"
  26. }
  27. }
  28. }
  29. }
  30. }
  31. }
  32. }
  33. }],
  34. "triggers": [{
  35. "name": "test-trigger",
  36. "severity": "1",
  37. "condition": {
  38. "script": {
  39. "source": "ctx.results[0].hits.total.value > 0",
  40. "lang": "painless"
  41. }
  42. },
  43. "actions": [{
  44. "name": "test-action",
  45. "destination_id": "ld7912sBlQ5JUWWFThoW",
  46. "message_template": {
  47. "source": "This is a message body."
  48. },
  49. "throttle_enabled": true,
  50. "throttle": {
  51. "value": 27,
  52. "unit": "MINUTES"
  53. },
  54. "subject_template": {
  55. "source": "Subject"
  56. }
  57. }]
  58. }]
  59. }

For a full list of timezone names, refer to Wikipedia. The alerting plugin uses the Java TimeZone class to convert a ZoneId to a valid timezone.


Create bucket-level monitor

Bucket-level monitors categorize results into buckets separated by fields. The monitor then runs your script with each bucket’s results and evaluates whether to trigger an alert. For more information about bucket-level monitors versus query-level monitors, see Create monitors.

  1. POST _plugins/_alerting/monitors
  2. {
  3. "type": "monitor",
  4. "name": "test-bucket-level-monitor",
  5. "monitor_type": "bucket_level_monitor",
  6. "enabled": true,
  7. "schedule": {
  8. "period": {
  9. "interval": 1,
  10. "unit": "MINUTES"
  11. }
  12. },
  13. "inputs": [
  14. {
  15. "search": {
  16. "indices": [
  17. "movies"
  18. ],
  19. "query": {
  20. "size": 0,
  21. "query": {
  22. "bool": {
  23. "filter": [
  24. {
  25. "range": {
  26. "order_date": {
  27. "from": "||-1h",
  28. "to": "",
  29. "include_lower": true,
  30. "include_upper": true,
  31. "format": "epoch_millis"
  32. }
  33. }
  34. }
  35. ]
  36. }
  37. },
  38. "aggregations": {
  39. "composite_agg": {
  40. "composite": {
  41. "sources": [
  42. {
  43. "user": {
  44. "terms": {
  45. "field": "user"
  46. }
  47. }
  48. }
  49. ]
  50. },
  51. "aggregations": {
  52. "avg_products_base_price": {
  53. "avg": {
  54. "field": "products.base_price"
  55. }
  56. }
  57. }
  58. }
  59. }
  60. }
  61. }
  62. }
  63. ],
  64. "triggers": [
  65. {
  66. "bucket_level_trigger": {
  67. "name": "test-trigger",
  68. "severity": "1",
  69. "condition": {
  70. "buckets_path": {
  71. "_count": "_count",
  72. "avg_products_base_price": "avg_products_base_price"
  73. },
  74. "parent_bucket_path": "composite_agg",
  75. "script": {
  76. "source": "params._count > 50 || params.avg_products_base_price < 35",
  77. "lang": "painless"
  78. }
  79. },
  80. "actions": [
  81. {
  82. "name": "test-action",
  83. "destination_id": "E4o5hnsB6KjPKmHtpfCA",
  84. "message_template": {
  85. "source": """Monitor just entered alert status. Please investigate the issue. - Trigger: - Severity: - Period start: - Period end: - Deduped Alerts: * : - New Alerts: * : - Completed Alerts: * : """,
  86. "lang": "mustache"
  87. },
  88. "throttle_enabled": false,
  89. "throttle": {
  90. "value": 10,
  91. "unit": "MINUTES"
  92. },
  93. "action_execution_policy": {
  94. "action_execution_scope": {
  95. "per_alert": {
  96. "actionable_alerts": [
  97. "DEDUPED",
  98. "NEW"
  99. ]
  100. }
  101. }
  102. },
  103. "subject_template": {
  104. "source": "The Subject",
  105. "lang": "mustache"
  106. }
  107. }
  108. ]
  109. }
  110. }
  111. ]
  112. }

Sample response

  1. {
  2. "_id" : "Dfxr63sBwex6DxEhHV5N",
  3. "_version" : 1,
  4. "_seq_no" : 3,
  5. "_primary_term" : 1,
  6. "monitor" : {
  7. "type" : "monitor",
  8. "schema_version" : 4,
  9. "name" : "test-bucket-level-monitor",
  10. "monitor_type" : "bucket_level_monitor",
  11. "user" : {
  12. "name" : "",
  13. "backend_roles" : [ ],
  14. "roles" : [ ],
  15. "custom_attribute_names" : [ ],
  16. "user_requested_tenant" : null
  17. },
  18. "enabled" : true,
  19. "enabled_time" : 1631742270785,
  20. "schedule" : {
  21. "period" : {
  22. "interval" : 1,
  23. "unit" : "MINUTES"
  24. }
  25. },
  26. "inputs" : [
  27. {
  28. "search" : {
  29. "indices" : [
  30. "opensearch_dashboards_sample_data_flights"
  31. ],
  32. "query" : {
  33. "size" : 0,
  34. "query" : {
  35. "bool" : {
  36. "filter" : [
  37. {
  38. "range" : {
  39. "order_date" : {
  40. "from" : "||-1h",
  41. "to" : "",
  42. "include_lower" : true,
  43. "include_upper" : true,
  44. "format" : "epoch_millis",
  45. "boost" : 1.0
  46. }
  47. }
  48. }
  49. ],
  50. "adjust_pure_negative" : true,
  51. "boost" : 1.0
  52. }
  53. },
  54. "aggregations" : {
  55. "composite_agg" : {
  56. "composite" : {
  57. "size" : 10,
  58. "sources" : [
  59. {
  60. "user" : {
  61. "terms" : {
  62. "field" : "user",
  63. "missing_bucket" : false,
  64. "order" : "asc"
  65. }
  66. }
  67. }
  68. ]
  69. },
  70. "aggregations" : {
  71. "avg_products_base_price" : {
  72. "avg" : {
  73. "field" : "products.base_price"
  74. }
  75. }
  76. }
  77. }
  78. }
  79. }
  80. }
  81. }
  82. ],
  83. "triggers" : [
  84. {
  85. "bucket_level_trigger" : {
  86. "id" : "C_xr63sBwex6DxEhHV5B",
  87. "name" : "test-trigger",
  88. "severity" : "1",
  89. "condition" : {
  90. "buckets_path" : {
  91. "_count" : "_count",
  92. "avg_products_base_price" : "avg_products_base_price"
  93. },
  94. "parent_bucket_path" : "composite_agg",
  95. "script" : {
  96. "source" : "params._count > 50 || params.avg_products_base_price < 35",
  97. "lang" : "painless"
  98. },
  99. "gap_policy" : "skip"
  100. },
  101. "actions" : [
  102. {
  103. "id" : "DPxr63sBwex6DxEhHV5B",
  104. "name" : "test-action",
  105. "destination_id" : "E4o5hnsB6KjPKmHtpfCA",
  106. "message_template" : {
  107. "source" : "Monitor just entered alert status. Please investigate the issue. - Trigger: - Severity: - Period start: - Period end: - Deduped Alerts: * : - New Alerts: * : - Completed Alerts: * : ",
  108. "lang" : "mustache"
  109. },
  110. "throttle_enabled" : false,
  111. "subject_template" : {
  112. "source" : "The Subject",
  113. "lang" : "mustache"
  114. },
  115. "throttle" : {
  116. "value" : 10,
  117. "unit" : "MINUTES"
  118. },
  119. "action_execution_policy" : {
  120. "action_execution_scope" : {
  121. "per_alert" : {
  122. "actionable_alerts" : [
  123. "DEDUPED",
  124. "NEW"
  125. ]
  126. }
  127. }
  128. }
  129. }
  130. ]
  131. }
  132. }
  133. ],
  134. "last_update_time" : 1631742270785
  135. }
  136. }

Update monitor

Introduced 1.0

When you update a monitor, include the current version number as a parameter. OpenSearch increments the version number automatically (see the sample response).

Request

  1. PUT _plugins/_alerting/monitors/<monitor_id>
  2. {
  3. "type": "monitor",
  4. "name": "test-monitor",
  5. "enabled": true,
  6. "enabled_time": 1551466220455,
  7. "schedule": {
  8. "period": {
  9. "interval": 1,
  10. "unit": "MINUTES"
  11. }
  12. },
  13. "inputs": [{
  14. "search": {
  15. "indices": [
  16. "*"
  17. ],
  18. "query": {
  19. "query": {
  20. "match_all": {
  21. "boost": 1
  22. }
  23. }
  24. }
  25. }
  26. }],
  27. "triggers": [{
  28. "id": "StaeOmkBC25HCRGmL_y-",
  29. "name": "test-trigger",
  30. "severity": "1",
  31. "condition": {
  32. "script": {
  33. "source": "return true",
  34. "lang": "painless"
  35. }
  36. },
  37. "actions": [{
  38. "name": "test-action",
  39. "destination_id": "RtaaOmkBC25HCRGm0fxi",
  40. "subject_template": {
  41. "source": "My Message Subject",
  42. "lang": "mustache"
  43. },
  44. "message_template": {
  45. "source": "This is my message body.",
  46. "lang": "mustache"
  47. }
  48. }]
  49. }],
  50. "last_update_time": 1551466639295
  51. }

Sample response

  1. {
  2. "_id": "Q9aXOmkBC25HCRGmzfw-",
  3. "_version": 4,
  4. "monitor": {
  5. "type": "monitor",
  6. "name": "test-monitor",
  7. "enabled": true,
  8. "enabled_time": 1551466220455,
  9. "schedule": {
  10. "period": {
  11. "interval": 1,
  12. "unit": "MINUTES"
  13. }
  14. },
  15. "inputs": [{
  16. "search": {
  17. "indices": [
  18. "*"
  19. ],
  20. "query": {
  21. "query": {
  22. "match_all": {
  23. "boost": 1
  24. }
  25. }
  26. }
  27. }
  28. }],
  29. "triggers": [{
  30. "id": "StaeOmkBC25HCRGmL_y-",
  31. "name": "test-trigger",
  32. "severity": "1",
  33. "condition": {
  34. "script": {
  35. "source": "return true",
  36. "lang": "painless"
  37. }
  38. },
  39. "actions": [{
  40. "name": "test-action",
  41. "destination_id": "RtaaOmkBC25HCRGm0fxi",
  42. "subject_template": {
  43. "source": "My Message Subject",
  44. "lang": "mustache"
  45. },
  46. "message_template": {
  47. "source": "This is my message body.",
  48. "lang": "mustache"
  49. }
  50. }]
  51. }],
  52. "last_update_time": 1551466761596
  53. }
  54. }

Get monitor

Introduced 1.0

Request

  1. GET _plugins/_alerting/monitors/<monitor_id>

Sample response

  1. {
  2. "_id": "Q9aXOmkBC25HCRGmzfw-",
  3. "_version": 3,
  4. "monitor": {
  5. "type": "monitor",
  6. "name": "test-monitor",
  7. "enabled": true,
  8. "enabled_time": 1551466220455,
  9. "schedule": {
  10. "period": {
  11. "interval": 1,
  12. "unit": "MINUTES"
  13. }
  14. },
  15. "inputs": [{
  16. "search": {
  17. "indices": [
  18. "*"
  19. ],
  20. "query": {
  21. "query": {
  22. "match_all": {
  23. "boost": 1
  24. }
  25. }
  26. }
  27. }
  28. }],
  29. "triggers": [{
  30. "id": "StaeOmkBC25HCRGmL_y-",
  31. "name": "test-trigger",
  32. "severity": "1",
  33. "condition": {
  34. "script": {
  35. "source": "return true",
  36. "lang": "painless"
  37. }
  38. },
  39. "actions": [{
  40. "name": "test-action",
  41. "destination_id": "RtaaOmkBC25HCRGm0fxi",
  42. "subject_template": {
  43. "source": "My Message Subject",
  44. "lang": "mustache"
  45. },
  46. "message_template": {
  47. "source": "This is my message body.",
  48. "lang": "mustache"
  49. }
  50. }]
  51. }],
  52. "last_update_time": 1551466639295
  53. }
  54. }

Monitor stats

Introduced 1.0

Returns statistics about the alerting feature. Use _plugins/_alerting/stats to find node IDs and metrics. Then you can drill down using those values.

Request

  1. GET _plugins/_alerting/stats
  2. GET _plugins/_alerting/stats/<metric>
  3. GET _plugins/_alerting/<node-id>/stats
  4. GET _plugins/_alerting/<node-id>/stats/<metric>

Sample response

  1. {
  2. "_nodes": {
  3. "total": 9,
  4. "successful": 9,
  5. "failed": 0
  6. },
  7. "cluster_name": "475300751431:alerting65-dont-delete",
  8. "plugins.scheduled_jobs.enabled": true,
  9. "scheduled_job_index_exists": true,
  10. "scheduled_job_index_status": "green",
  11. "nodes_on_schedule": 9,
  12. "nodes_not_on_schedule": 0,
  13. "nodes": {
  14. "qWcbKbb-TVyyI-Q7VSeOqA": {
  15. "name": "qWcbKbb",
  16. "schedule_status": "green",
  17. "roles": [
  18. "MASTER"
  19. ],
  20. "job_scheduling_metrics": {
  21. "last_full_sweep_time_millis": 207017,
  22. "full_sweep_on_time": true
  23. },
  24. "jobs_info": {}
  25. },
  26. "Do-DX9ZcS06Y9w1XbSJo1A": {
  27. "name": "Do-DX9Z",
  28. "schedule_status": "green",
  29. "roles": [
  30. "DATA",
  31. "INGEST"
  32. ],
  33. "job_scheduling_metrics": {
  34. "last_full_sweep_time_millis": 230516,
  35. "full_sweep_on_time": true
  36. },
  37. "jobs_info": {}
  38. },
  39. "n5phkBiYQfS5I0FDzcqjZQ": {
  40. "name": "n5phkBi",
  41. "schedule_status": "green",
  42. "roles": [
  43. "MASTER"
  44. ],
  45. "job_scheduling_metrics": {
  46. "last_full_sweep_time_millis": 228406,
  47. "full_sweep_on_time": true
  48. },
  49. "jobs_info": {}
  50. },
  51. "Tazzo8cQSY-g3vOjgYYLzA": {
  52. "name": "Tazzo8c",
  53. "schedule_status": "green",
  54. "roles": [
  55. "DATA",
  56. "INGEST"
  57. ],
  58. "job_scheduling_metrics": {
  59. "last_full_sweep_time_millis": 211722,
  60. "full_sweep_on_time": true
  61. },
  62. "jobs_info": {
  63. "i-wsFmkB8NzS6aXjQSk0": {
  64. "last_execution_time": 1550864912882,
  65. "running_on_time": true
  66. }
  67. }
  68. },
  69. "Nyf7F8brTOSJuFPXw6CnpA": {
  70. "name": "Nyf7F8b",
  71. "schedule_status": "green",
  72. "roles": [
  73. "DATA",
  74. "INGEST"
  75. ],
  76. "job_scheduling_metrics": {
  77. "last_full_sweep_time_millis": 223300,
  78. "full_sweep_on_time": true
  79. },
  80. "jobs_info": {
  81. "NbpoFmkBeSe-hD59AKgE": {
  82. "last_execution_time": 1550864928354,
  83. "running_on_time": true
  84. },
  85. "-LlLFmkBeSe-hD59Ydtb": {
  86. "last_execution_time": 1550864732727,
  87. "running_on_time": true
  88. },
  89. "pBFxFmkBNXkgNmTBaFj1": {
  90. "last_execution_time": 1550863325024,
  91. "running_on_time": true
  92. },
  93. "hfasEmkBNXkgNmTBrvIW": {
  94. "last_execution_time": 1550862000001,
  95. "running_on_time": true
  96. }
  97. }
  98. },
  99. "oOdJDIBVT5qbbO3d8VLeEw": {
  100. "name": "oOdJDIB",
  101. "schedule_status": "green",
  102. "roles": [
  103. "DATA",
  104. "INGEST"
  105. ],
  106. "job_scheduling_metrics": {
  107. "last_full_sweep_time_millis": 227570,
  108. "full_sweep_on_time": true
  109. },
  110. "jobs_info": {
  111. "4hKRFmkBNXkgNmTBKjYX": {
  112. "last_execution_time": 1550864806101,
  113. "running_on_time": true
  114. }
  115. }
  116. },
  117. "NRDG6JYgR8m0GOZYQ9QGjQ": {
  118. "name": "NRDG6JY",
  119. "schedule_status": "green",
  120. "roles": [
  121. "MASTER"
  122. ],
  123. "job_scheduling_metrics": {
  124. "last_full_sweep_time_millis": 227652,
  125. "full_sweep_on_time": true
  126. },
  127. "jobs_info": {}
  128. },
  129. "URMrXRz3Tm-CB72hlsl93Q": {
  130. "name": "URMrXRz",
  131. "schedule_status": "green",
  132. "roles": [
  133. "DATA",
  134. "INGEST"
  135. ],
  136. "job_scheduling_metrics": {
  137. "last_full_sweep_time_millis": 231048,
  138. "full_sweep_on_time": true
  139. },
  140. "jobs_info": {
  141. "m7uKFmkBeSe-hD59jplP": {
  142. "running_on_time": true
  143. }
  144. }
  145. },
  146. "eXgt1k9oTRCLmx2HBGElUw": {
  147. "name": "eXgt1k9",
  148. "schedule_status": "green",
  149. "roles": [
  150. "DATA",
  151. "INGEST"
  152. ],
  153. "job_scheduling_metrics": {
  154. "last_full_sweep_time_millis": 229234,
  155. "full_sweep_on_time": true
  156. },
  157. "jobs_info": {
  158. "wWkFFmkBc2NG-PeLntxk": {
  159. "running_on_time": true
  160. },
  161. "3usNFmkB8NzS6aXjO1Gs": {
  162. "last_execution_time": 1550863959848,
  163. "running_on_time": true
  164. }
  165. }
  166. }
  167. }
  168. }

Delete monitor

Introduced 1.0

Request

  1. DELETE _plugins/_alerting/monitors/<monitor_id>

Sample response

  1. {
  2. "_index": ".opensearch-scheduled-jobs",
  3. "_type": "_doc",
  4. "_id": "OYAHOmgBl3cmwnqZl_yH",
  5. "_version": 2,
  6. "result": "deleted",
  7. "forced_refresh": true,
  8. "_shards": {
  9. "total": 2,
  10. "successful": 2,
  11. "failed": 0
  12. },
  13. "_seq_no": 11,
  14. "_primary_term": 1
  15. }

Search monitors

Introduced 1.0

Request

  1. GET _plugins/_alerting/monitors/_search
  2. {
  3. "query": {
  4. "match" : {
  5. "monitor.name": "my-monitor-name"
  6. }
  7. }
  8. }

Sample response

  1. {
  2. "took": 17,
  3. "timed_out": false,
  4. "_shards": {
  5. "total": 5,
  6. "successful": 5,
  7. "skipped": 0,
  8. "failed": 0
  9. },
  10. "hits": {
  11. "total": 1,
  12. "max_score": 0.6931472,
  13. "hits": [{
  14. "_index": ".opensearch-scheduled-jobs",
  15. "_type": "_doc",
  16. "_id": "eGQi7GcBRS7-AJEqfAnr",
  17. "_score": 0.6931472,
  18. "_source": {
  19. "type": "monitor",
  20. "name": "my-monitor-name",
  21. "enabled": true,
  22. "enabled_time": 1545854942426,
  23. "schedule": {
  24. "period": {
  25. "interval": 1,
  26. "unit": "MINUTES"
  27. }
  28. },
  29. "inputs": [{
  30. "search": {
  31. "indices": [
  32. "*"
  33. ],
  34. "query": {
  35. "size": 0,
  36. "query": {
  37. "bool": {
  38. "filter": [{
  39. "range": {
  40. "@timestamp": {
  41. "from": "||-1h",
  42. "to": "",
  43. "include_lower": true,
  44. "include_upper": true,
  45. "format": "epoch_millis",
  46. "boost": 1
  47. }
  48. }
  49. }],
  50. "adjust_pure_negative": true,
  51. "boost": 1
  52. }
  53. },
  54. "aggregations": {}
  55. }
  56. }
  57. }],
  58. "triggers": [{
  59. "id": "Sooi7GcB53a0ewuj_6MH",
  60. "name": "Over",
  61. "severity": "1",
  62. "condition": {
  63. "script": {
  64. "source": "_ctx.results[0].hits.total > 400000",
  65. "lang": "painless"
  66. }
  67. },
  68. "actions": []
  69. }],
  70. "last_update_time": 1545854975758
  71. }
  72. }]
  73. }
  74. }

Run monitor

Introduced 1.0

Add the optional ?dryrun=true parameter to the URL to see the results of a run without the monitor's actions sending any messages.

Request

  1. POST _plugins/_alerting/monitors/<monitor_id>/_execute

Sample response

  1. {
  2. "monitor_name": "logs",
  3. "period_start": 1547161872322,
  4. "period_end": 1547161932322,
  5. "error": null,
  6. "trigger_results": {
  7. "Sooi7GcB53a0ewuj_6MH": {
  8. "name": "Over",
  9. "triggered": true,
  10. "error": null,
  11. "action_results": {}
  12. }
  13. }
  14. }

Get alerts

Introduced 1.0

Returns an array of all alerts.

Request

  1. GET _plugins/_alerting/monitors/alerts

Response

  1. {
  2. "alerts": [
  3. {
  4. "id": "eQURa3gBKo1jAh6qUo49",
  5. "version": 300,
  6. "monitor_id": "awUMa3gBKo1jAh6qu47E",
  7. "schema_version": 2,
  8. "monitor_version": 2,
  9. "monitor_name": "Example_monitor_name",
  10. "monitor_user": {
  11. "name": "admin",
  12. "backend_roles": [
  13. "admin"
  14. ],
  15. "roles": [
  16. "all_access",
  17. "own_index"
  18. ],
  19. "custom_attribute_names": [],
  20. "user_requested_tenant": null
  21. },
  22. "trigger_id": "bQUQa3gBKo1jAh6qnY6G",
  23. "trigger_name": "Example_trigger_name",
  24. "state": "ACTIVE",
  25. "error_message": null,
  26. "alert_history": [
  27. {
  28. "timestamp": 1617314504873,
  29. "message": "Example error message"
  30. },
  31. {
  32. "timestamp": 1617312543925,
  33. "message": "Example error message"
  34. }
  35. ],
  36. "severity": "1",
  37. "action_execution_results": [
  38. {
  39. "action_id": "bgUQa3gBKo1jAh6qnY6G",
  40. "last_execution_time": 1617317979908,
  41. "throttled_count": 0
  42. }
  43. ],
  44. "start_time": 1616704000492,
  45. "last_notification_time": 1617317979908,
  46. "end_time": null,
  47. "acknowledged_time": null
  48. }
  49. ],
  50. "totalAlerts": 1
  51. }

Acknowledge alert

Introduced 1.0

After getting your alerts, you can acknowledge any number of active alerts in one call. Any alert that is already in an ERROR, COMPLETED, or ACKNOWLEDGED state appears in the failed array of the response.

Request

  1. POST _plugins/_alerting/monitors/<monitor-id>/_acknowledge/alerts
  2. {
  3. "alerts": ["eQURa3gBKo1jAh6qUo49"]
  4. }

Sample response

  1. {
  2. "success": [
  3. "eQURa3gBKo1jAh6qUo49"
  4. ],
  5. "failed": []
  6. }

Create destination

Introduced 1.0

Requests

  1. POST _plugins/_alerting/destinations
  2. {
  3. "name": "my-destination",
  4. "type": "slack",
  5. "slack": {
  6. "url": "http://www.example.com"
  7. }
  8. }
  9. POST _plugins/_alerting/destinations
  10. {
  11. "type": "custom_webhook",
  12. "name": "my-custom-destination",
  13. "custom_webhook": {
  14. "path": "incomingwebhooks/123456-123456-XXXXXX",
  15. "header_params": {
  16. "Content-Type": "application/json"
  17. },
  18. "scheme": "HTTPS",
  19. "port": 443,
  20. "query_params": {
  21. "token": "R2x1UlN4ZHF8MXxxVFJpelJNVDgzdGNwXXXXXXXXX"
  22. },
  23. "host": "hooks.chime.aws"
  24. }
  25. }
  26. POST _plugins/_alerting/destinations
  27. {
  28. "type": "email",
  29. "name": "my-email-destination",
  30. "email": {
  31. "email_account_id": "YjY7mXMBx015759_IcfW",
  32. "recipients": [
  33. {
  34. "type": "email_group",
  35. "email_group_id": "YzY-mXMBx015759_dscs"
  36. },
  37. {
  38. "type": "email",
  39. "email": "example@email.com"
  40. }
  41. ]
  42. }
  43. }
  44. // The email_account_id and email_group_id values are the document IDs of the email account and email group that you created.

Sample response

  1. {
  2. "_id": "nO-yFmkB8NzS6aXjJdiI",
  3. "_version": 1,
  4. "destination": {
  5. "type": "slack",
  6. "name": "my-destination",
  7. "last_update_time": 1550863967624,
  8. "slack": {
  9. "url": "http://www.example.com"
  10. }
  11. }
  12. }

Update destination

Introduced 1.0

Request

  1. PUT _plugins/_alerting/destinations/<destination-id>
  2. {
  3. "name": "my-updated-destination",
  4. "type": "slack",
  5. "slack": {
  6. "url": "http://www.example.com"
  7. }
  8. }

Sample response

  1. {
  2. "_id": "pe-1FmkB8NzS6aXjqvVY",
  3. "_version": 4,
  4. "destination": {
  5. "type": "slack",
  6. "name": "my-updated-destination",
  7. "last_update_time": 1550864289375,
  8. "slack": {
  9. "url": "http://www.example.com"
  10. }
  11. }
  12. }

Get destination

Introduced 1.0

Retrieve one destination.

Requests

  1. GET _plugins/_alerting/destinations/<destination-id>

Sample response

  1. {
  2. "totalDestinations": 1,
  3. "destinations": [{
  4. "id": "1a2a3a4a5a6a7a",
  5. "type": "slack",
  6. "name": "sample-destination",
  7. "user": {
  8. "name": "psantos",
  9. "backend_roles": [
  10. "human-resources"
  11. ],
  12. "roles": [
  13. "alerting_full_access",
  14. "hr-role"
  15. ],
  16. "custom_attribute_names": []
  17. },
  18. "schema_version": 3,
  19. "seq_no": 0,
  20. "primary_term": 6,
  21. "last_update_time": 1603943261722,
  22. "slack": {
  23. "url": "https://example.com"
  24. }
  25. }
  26. ]
  27. }

Get destinations

Introduced 1.0

Retrieve all destinations.

Requests

  1. GET _plugins/_alerting/destinations

Sample response

  1. {
  2. "totalDestinations": 1,
  3. "destinations": [{
  4. "id": "1a2a3a4a5a6a7a",
  5. "type": "slack",
  6. "name": "sample-destination",
  7. "user": {
  8. "name": "psantos",
  9. "backend_roles": [
  10. "human-resources"
  11. ],
  12. "roles": [
  13. "alerting_full_access",
  14. "hr-role"
  15. ],
  16. "custom_attribute_names": []
  17. },
  18. "schema_version": 3,
  19. "seq_no": 0,
  20. "primary_term": 6,
  21. "last_update_time": 1603943261722,
  22. "slack": {
  23. "url": "https://example.com"
  24. }
  25. }
  26. ]
  27. }

Delete destination

Introduced 1.0

Request

  1. DELETE _plugins/_alerting/destinations/<destination-id>

Sample response

  1. {
  2. "_index": ".opendistro-alerting-config",
  3. "_type": "_doc",
  4. "_id": "Zu-zFmkB8NzS6aXjLeBI",
  5. "_version": 2,
  6. "result": "deleted",
  7. "forced_refresh": true,
  8. "_shards": {
  9. "total": 2,
  10. "successful": 2,
  11. "failed": 0
  12. },
  13. "_seq_no": 8,
  14. "_primary_term": 1
  15. }

Create email account

Introduced 1.0

Request

  1. POST _plugins/_alerting/destinations/email_accounts
  2. {
  3. "name": "example_account",
  4. "email": "example@email.com",
  5. "host": "smtp.email.com",
  6. "port": 465,
  7. "method": "ssl"
  8. }

Sample response

  1. {
  2. "_id" : "email_account_id",
  3. "_version" : 1,
  4. "_seq_no" : 7,
  5. "_primary_term" : 2,
  6. "email_account" : {
  7. "schema_version" : 2,
  8. "name" : "example_account",
  9. "email" : "example@email.com",
  10. "host" : "smtp.email.com",
  11. "port" : 465,
  12. "method" : "ssl"
  13. }
  14. }

Update email account

Introduced 1.0

Request

  1. PUT _plugins/_alerting/destinations/email_accounts/<email_account_id>
  2. {
  3. "name": "example_account",
  4. "email": "example@email.com",
  5. "host": "smtp.email.com",
  6. "port": 465,
  7. "method": "ssl"
  8. }

Sample response

  1. {
  2. "_id" : "email_account_id",
  3. "_version" : 3,
  4. "_seq_no" : 19,
  5. "_primary_term" : 2,
  6. "email_account" : {
  7. "schema_version" : 2,
  8. "name" : "example_account",
  9. "email" : "example@email.com",
  10. "host" : "smtp.email.com",
  11. "port" : 465,
  12. "method" : "ssl"
  13. }
  14. }

Get email account

Introduced 1.0

Request

  1. GET _plugins/_alerting/destinations/email_accounts/<email_account_id>
  2. {
  3. "name": "example_account",
  4. "email": "example@email.com",
  5. "host": "smtp.email.com",
  6. "port": 465,
  7. "method": "ssl"
  8. }

Sample response

  1. {
  2. "_id" : "email_account_id",
  3. "_version" : 2,
  4. "_seq_no" : 8,
  5. "_primary_term" : 2,
  6. "email_account" : {
  7. "schema_version" : 2,
  8. "name" : "test_account",
  9. "email" : "test@email.com",
  10. "host" : "smtp.test.com",
  11. "port" : 465,
  12. "method" : "ssl"
  13. }
  14. }

Delete email account

Introduced 1.0

Request

  1. DELETE _plugins/_alerting/destinations/email_accounts/<email_account_id>

Sample response

  1. {
  2. "_index" : ".opendistro-alerting-config",
  3. "_type" : "_doc",
  4. "_id" : "email_account_id",
  5. "_version" : 1,
  6. "result" : "deleted",
  7. "forced_refresh" : true,
  8. "_shards" : {
  9. "total" : 2,
  10. "successful" : 2,
  11. "failed" : 0
  12. },
  13. "_seq_no" : 12,
  14. "_primary_term" : 2
  15. }

Search email account

Introduced 1.0

Request

  1. POST _plugins/_alerting/destinations/email_accounts/_search
  2. {
  3. "from": 0,
  4. "size": 20,
  5. "sort": { "email_account.name.keyword": "desc" },
  6. "query": {
  7. "bool": {
  8. "must": {
  9. "match_all": {}
  10. }
  11. }
  12. }
  13. }

Sample response

  1. {
  2. "took" : 8,
  3. "timed_out" : false,
  4. "_shards" : {
  5. "total" : 1,
  6. "successful" : 1,
  7. "skipped" : 0,
  8. "failed" : 0
  9. },
  10. "hits" : {
  11. "total" : {
  12. "value" : 2,
  13. "relation" : "eq"
  14. },
  15. "max_score" : null,
  16. "hits" : [
  17. {
  18. "_index" : ".opendistro-alerting-config",
  19. "_type" : "_doc",
  20. "_id" : "email_account_id",
  21. "_seq_no" : 8,
  22. "_primary_term" : 2,
  23. "_score" : null,
  24. "_source" : {
  25. "schema_version" : 2,
  26. "name" : "example_account",
  27. "email" : "example@email.com",
  28. "host" : "smtp.email.com",
  29. "port" : 465,
  30. "method" : "ssl"
  31. },
  32. "sort" : [
  33. "example_account"
  34. ]
  35. },
  36. ...
  37. ]
  38. }
  39. }

Create email group

Introduced 1.0

Request

  1. POST _plugins/_alerting/destinations/email_groups
  2. {
  3. "name": "example_email_group",
  4. "emails": [{
  5. "email": "example@email.com"
  6. }]
  7. }

Sample response

  1. {
  2. "_id" : "email_group_id",
  3. "_version" : 1,
  4. "_seq_no" : 9,
  5. "_primary_term" : 2,
  6. "email_group" : {
  7. "schema_version" : 2,
  8. "name" : "example_email_group",
  9. "emails" : [
  10. {
  11. "email" : "example@email.com"
  12. }
  13. ]
  14. }
  15. }

Update email group

Introduced 1.0

Request

  1. PUT _plugins/_alerting/destinations/email_groups/<email_group_id>
  2. {
  3. "name": "example_email_group",
  4. "emails": [{
  5. "email": "example@email.com"
  6. }]
  7. }

Sample response

  1. {
  2. "_id" : "email_group_id",
  3. "_version" : 4,
  4. "_seq_no" : 17,
  5. "_primary_term" : 2,
  6. "email_group" : {
  7. "schema_version" : 2,
  8. "name" : "example_email_group",
  9. "emails" : [
  10. {
  11. "email" : "example@email.com"
  12. }
  13. ]
  14. }
  15. }

Get email group

Introduced 1.0

Request

  1. GET _plugins/_alerting/destinations/email_groups/<email_group_id>
  2. {
  3. "name": "example_email_group",
  4. "emails": [{
  5. "email": "example@email.com"
  6. }]
  7. }

Sample response

  1. {
  2. "_id" : "email_group_id",
  3. "_version" : 4,
  4. "_seq_no" : 17,
  5. "_primary_term" : 2,
  6. "email_group" : {
  7. "schema_version" : 2,
  8. "name" : "example_email_group",
  9. "emails" : [
  10. {
  11. "email" : "example@email.com"
  12. }
  13. ]
  14. }
  15. }

Delete email group

Introduced 1.0

Request

  1. DELETE _plugins/_alerting/destinations/email_groups/<email_group_id>

Sample response

  1. {
  2. "_index" : ".opendistro-alerting-config",
  3. "_type" : "_doc",
  4. "_id" : "email_group_id",
  5. "_version" : 1,
  6. "result" : "deleted",
  7. "forced_refresh" : true,
  8. "_shards" : {
  9. "total" : 2,
  10. "successful" : 2,
  11. "failed" : 0
  12. },
  13. "_seq_no" : 11,
  14. "_primary_term" : 2
  15. }

Search email group

Introduced 1.0

Request

  1. POST _plugins/_alerting/destinations/email_groups/_search
  2. {
  3. "from": 0,
  4. "size": 20,
  5. "sort": { "email_group.name.keyword": "desc" },
  6. "query": {
  7. "bool": {
  8. "must": {
  9. "match_all": {}
  10. }
  11. }
  12. }
  13. }

Sample response

  1. {
  2. "took" : 7,
  3. "timed_out" : false,
  4. "_shards" : {
  5. "total" : 1,
  6. "successful" : 1,
  7. "skipped" : 0,
  8. "failed" : 0
  9. },
  10. "hits" : {
  11. "total" : {
  12. "value" : 5,
  13. "relation" : "eq"
  14. },
  15. "max_score" : null,
  16. "hits" : [
  17. {
  18. "_index" : ".opendistro-alerting-config",
  19. "_type" : "_doc",
  20. "_id" : "email_group_id",
  21. "_seq_no" : 10,
  22. "_primary_term" : 2,
  23. "_score" : null,
  24. "_source" : {
  25. "schema_version" : 2,
  26. "name" : "example_email_group",
  27. "emails" : [
  28. {
  29. "email" : "example@email.com"
  30. }
  31. ]
  32. },
  33. "sort" : [
  34. "example_email_group"
  35. ]
  36. },
  37. ...
  38. ]
  39. }
  40. }