OpenSearch Alert Setup Using Extraction Queries

Here we discuss how to set up an OpenSearch alert using an extraction query and how to receive those alerts by email through an SNS topic.

As shown in Figure 01, the Alerting feature is on the left navigation bar. Select Alerting.

Inside Alerting you can see the features shown above. First click Destinations. If you are new to this, it is best to set up a destination first. Then click the “Add destination” button on the screen.

Fill in the fields as shown on the screen. Here we use an SNS topic to receive alerts. There are two other options as well: Slack and a custom webhook.

After creating the destination, go to Monitors and click the “Create monitor” button on the screen.

Now fill in the monitor name. For the method of definition, use the “Define using extraction query” option. If we use “Define using visual graph” we can get the hit results in our email body (at the time of writing this feature is not working).

Then write your extraction queries. Below I have added some sample queries.
The query above considers only the last minute of logs. In line 8 we defined the range as “1m”, which means the query returns results based only on the last minute of data. In the same way we can use “1h” or “1d”.

The “match_phrase” keyword is used to check a specific field for an exact value. As shown above, we require @Module_Name to be “Admin Ms”. It is equivalent to the SQL query

select * from db_name where @Module_Name == "Admin MS"
The query above uses the “count” aggregation function.

In the query above we used min() as the aggregation function. The following SQL query gives an idea of what we have written:

select min(@Time_Spent) from db_name where @Module_Name == "admin MS"
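As an added example (not the post's own queries), the following Python builds the kind of extraction query described above, with the relative time range, the match_phrase filter on @Module_Name and an optional min() aggregation, and wraps it in a query-level monitor whose trigger fires through the SNS destination. The index pattern, the field names @timestamp, @Module_Name and @Time_Spent, the thresholds and the destination id are assumptions.

```python
import json

# Index pattern, field names (@timestamp, @Module_Name, @Time_Spent) and the
# destination id are assumptions for this example, not values from the post.

def extraction_query(module_name, window="1m", agg_field=None):
    """Query body for a query-level monitor.
    window: "1m", "1h" or "1d"; "now-1m" restricts the search to the last minute.
    agg_field: when set, add a min() aggregation, the analogue of SELECT min(field).
    Without it the monitor acts as a count via hits.total.value."""
    body = {
        "size": 0,  # trigger needs totals/aggregations, not the documents themselves
        "query": {"bool": {"filter": [
            {"range": {"@timestamp": {"gte": f"now-{window}", "lte": "now"}}},
            # match_phrase pins the field to the exact phrase, e.g. "Admin MS"
            {"match_phrase": {"@Module_Name": module_name}},
        ]}},
    }
    if agg_field:
        body["aggs"] = {"min_value": {"min": {"field": agg_field}}}
    return body


def monitor(name, index, query, condition, destination_id):
    """Monitor definition with one trigger. condition is a Painless expression,
    e.g. "ctx.results[0].hits.total.value > 0" for the count query or
    "ctx.results[0].aggregations.min_value.value < 50" for the min() query."""
    return {
        "type": "monitor",
        "name": name,
        "enabled": True,
        "schedule": {"period": {"interval": 1, "unit": "MINUTES"}},
        "inputs": [{"search": {"indices": [index], "query": query}}],
        "triggers": [{
            "name": f"{name}-trigger",
            "severity": "1",
            "condition": {"script": {"source": condition, "lang": "painless"}},
            "actions": [{
                "name": "notify-sns",
                "destination_id": destination_id,  # id of the SNS destination created earlier
                "subject_template": {"source": "Alert: {{ctx.monitor.name}}"},
                "message_template": {"source": "Trigger {{ctx.trigger.name}} fired"},
            }],
        }],
    }


if __name__ == "__main__":
    q = extraction_query("Admin MS", window="1m", agg_field="@Time_Spent")
    m = monitor("admin-ms-min-time", "logs-*", q,
                "ctx.results[0].aggregations.min_value.value < 50", "DEST_ID_PLACEHOLDER")
    print(json.dumps(m, indent=2))  # paste into the monitor's JSON editor / POST to the API
```

The printed JSON is the full monitor body; the `query` part alone is what goes into the extraction query editor.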