Create alerts with OpenSearch® API
OpenSearch® alerting feature sends notifications when data from one or more indices meets certain conditions that can be customized. Use case examples are such as monitoring for HTTP status code 503, CPU load average above certain percentage or watch for counts of a specific keyword in logs for a specific amount of interval, notification to be configured to be sent via email, slack or custom webhooks and other destination, in this example we are using slack as the destination.
In the following example, we are creating an alert programmatically by
using OpenSearch Alerting API. We are using a sample-host-health index
as datasource to create a simple alert to check cpu load, action will be
triggered when average of cpu_usage_percentage over 3 minutes is
above 75%
OpenSearch API Alerting API URL can be copied from Aiven console:
Click the Overview tab > OpenSearch under
Connection Information > Service URI append
_plugins/_alerting/monitors to the Service URI.
Example:
https://username:password@os-name-myproject.aivencloud.com:24947/_plugins/_alerting/monitors
Save the JSON below into cpu_alert.json
{
"name": "High CPU Monitor",
"type": "monitor",
"monitor_type": "query_level_monitor",
"enabled": true,
"schedule": {
"period": {
"unit": "MINUTES",
"interval": 1
}
},
"inputs": [
{
"search": {
"indices": [
"sample-host-health"
],
"query": {
"size": 0,
"aggregations": {
"metric": {
"avg": {
"field": "cpu_usage_percentage"
}
}
},
"query": {
"bool": {
"filter": [
{
"range": {
"timestamp": {
"gte": "{{period_end}}||-3m",
"lte": "{{period_end}}",
"format": "epoch_millis"
}
}
}
]
}
}
}
}
}
],
"triggers": [
{
"query_level_trigger": {
"id": "lNbSt30BZGFGbIUYx2bb",
"name": "high_cpu",
"severity": "1",
"condition": {
"script": {
"source": "return ctx.results[0].aggregations.metric.value == null ? false : ctx.results[0].aggregations.metric.value > 75",
"lang": "painless"
}
},
"actions": [
{
"id": "ldbSt30BZGFGbIUYx2bb",
"name": "slack",
"destination_id": "gkQgp30BRvA_n4QUwZDL",
"message_template": {
"source": "Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue.\n - Trigger: {{ctx.trigger.name}}\n - Severity: {{ctx.trigger.severity}}\n - Period start: {{ctx.periodStart}}\n - Period end: {{ctx.periodEnd}}",
"lang": "mustache"
},
"throttle_enabled": false,
"subject_template": {
"source": "High CPU Test Alert",
"lang": "mustache"
}
}
]
}
}
],
"ui_metadata": {
"schedule": {
"timezone": null,
"frequency": "interval",
"period": {
"unit": "MINUTES",
"interval": 1
},
"daily": 0,
"weekly": {
"tue": false,
"wed": false,
"thur": false,
"sat": false,
"fri": false,
"mon": false,
"sun": false
},
"monthly": {
"type": "day",
"day": 1
},
"cronExpression": "0 */1 * * *"
},
"search": {
"searchType": "graph",
"timeField": "timestamp",
"aggregations": [
{
"aggregationType": "avg",
"fieldName": "cpu_usage_percentage"
}
],
"groupBy": [],
"bucketValue": 3,
"bucketUnitOfTime": "m",
"where": {
"fieldName": [],
"fieldRangeEnd": 0,
"fieldRangeStart": 0,
"fieldValue": "",
"operator": "is"
}
},
"monitor_type": "query_level_monitor"
}
}
Use curl to create the alert
curl -XPOST \
https://username:password@os-name-myproject.aivencloud.com:24947/_plugins/_alerting/monitors \
-H 'Content-type: application/json' -T cpu_alert.json
- The required JSON request format can be found in OpenSearch Alerting API documentation