告警 API
使用告警 API 以编程方式创建、更新和管理监控器和告警。有关专门支持复合监控器的 API,请参阅使用 API 管理复合监控器。
创建查询级监控器
查询级监控器运行查询并确定结果是否应触发告警。查询级监控器每次只能触发一个告警。有关查询级和桶级监控器的更多信息,请参阅创建监控器。
请求示例
POST _plugins/_alerting/monitors
{
"type": "monitor",
"name": "test-monitor",
"monitor_type": "query_level_monitor",
"enabled": true,
"schedule": {
"period": {
"interval": 1,
"unit": "MINUTES"
}
},
"inputs": [{
"search": {
"indices": ["movies"],
"query": {
"size": 0,
"aggregations": {},
"query": {
"bool": {
"filter": {
"range": {
"@timestamp": {
"gte": "{{period_end}}||-1h",
"lte": "{{period_end}}",
"format": "epoch_millis"
}
}
}
}
}
}
}
}],
"triggers": [{
"name": "test-trigger",
"severity": "1",
"condition": {
"script": {
"source": "ctx.results[0].hits.total.value > 0",
"lang": "painless"
}
},
"actions": [{
"name": "test-action",
"destination_id": "ld7912sBlQ5JUWWFThoW",
"message_template": {
"source": "This is my message body."
},
"throttle_enabled": true,
"throttle": {
"value": 27,
"unit": "MINUTES"
},
"subject_template": {
"source": "TheSubject"
}
}]
}]
}
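如果您将自定义 Webhook 用作目标并需要在消息正文中嵌入 JSON,请务必转义引号。本页部分示例使用三引号(""")包裹消息模板,这是 OpenSearch Dashboards 开发工具控制台支持的写法;通过其他 HTTP 客户端发送请求时,请改用标准 JSON 字符串并转义其中的引号和换行符。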
{
"message_template": {
"source": "{ \"text\": \"Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue. - Trigger: {{ctx.trigger.name}} - Severity: {{ctx.trigger.severity}} - Period start: {{ctx.periodStart}} - Period end: {{ctx.periodEnd}}\" }"
}
}
(可选)要指定后端角色,您可以在创建监控器请求的底部添加 rbac_roles 参数和后端角色名称。
以下请求创建一个查询级监控器并提供两个后端角色:role1 和 role2。请求底部显示了使用此语法指定角色的行:"rbac_roles": ["role1", "role2"]。要了解如何使用后端角色限制访问,请参阅(高级)按后端角色限制访问。
请求示例
POST _plugins/_alerting/monitors
{
"type": "monitor",
"name": "test-monitor",
"monitor_type": "query_level_monitor",
"enabled": true,
"schedule": {
"period": {
"interval": 1,
"unit": "MINUTES"
}
},
"inputs": [{
"search": {
"indices": ["movies"],
"query": {
"size": 0,
"aggregations": {},
"query": {
"bool": {
"filter": {
"range": {
"@timestamp": {
"gte": "{{period_end}}||-1h",
"lte": "{{period_end}}",
"format": "epoch_millis"
}
}
}
}
}
}
}
}],
"triggers": [{
"name": "test-trigger",
"severity": "1",
"condition": {
"script": {
"source": "ctx.results[0].hits.total.value > 0",
"lang": "painless"
}
},
"actions": [{
"name": "test-action",
"destination_id": "ld7912sBlQ5JUWWFThoW",
"message_template": {
"source": "This is my message body."
},
"throttle_enabled": true,
"throttle": {
"value": 27,
"unit": "MINUTES"
},
"subject_template": {
"source": "TheSubject"
}
}]
}],
"rbac_roles": ["role1", "role2"]
}
示例响应
{
"_id": "vd5k2GsBlQ5JUWWFxhsP",
"_version": 1,
"_seq_no": 7,
"_primary_term": 1,
"monitor": {
"type": "monitor",
"schema_version": 1,
"name": "test-monitor",
"enabled": true,
"enabled_time": 1562703611363,
"schedule": {
"period": {
"interval": 1,
"unit": "MINUTES"
}
},
"inputs": [{
"search": {
"indices": [
"movies"
],
"query": {
"size": 0,
"query": {
"bool": {
"filter": [{
"range": {
"@timestamp": {
"from": "{{period_end}}||-1h",
"to": "{{period_end}}",
"include_lower": true,
"include_upper": true,
"format": "epoch_millis",
"boost": 1
}
}
}],
"adjust_pure_negative": true,
"boost": 1
}
},
"aggregations": {}
}
}
}],
"triggers": [{
"id": "ud5k2GsBlQ5JUWWFxRvi",
"name": "test-trigger",
"severity": "1",
"condition": {
"script": {
"source": "ctx.results[0].hits.total.value > 0",
"lang": "painless"
}
},
"actions": [{
"id": "ut5k2GsBlQ5JUWWFxRvj",
"name": "test-action",
"destination_id": "ld7912sBlQ5JUWWFThoW",
"message_template": {
"source": "This is my message body.",
"lang": "mustache"
},
"throttle_enabled": false,
"subject_template": {
"source": "Subject",
"lang": "mustache"
}
}]
}],
"last_update_time": 1562703611363
}
}
要指定时区,您可以在请求的 schedule 部分包含一个带有时区名称的 cron 表达式。以下示例创建一个监控器,它在每个月的第一天太平洋时间下午 12:10 运行。
请求示例
{
"type": "monitor",
"name": "test-monitor",
"monitor_type": "query_level_monitor",
"enabled": true,
"schedule": {
"cron" : {
"expression": "10 12 1 * *",
"timezone": "America/Los_Angeles"
}
},
"inputs": [{
"search": {
"indices": ["movies"],
"query": {
"size": 0,
"aggregations": {},
"query": {
"bool": {
"filter": {
"range": {
"@timestamp": {
"gte": "{{period_end}}||-1h",
"lte": "{{period_end}}",
"format": "epoch_millis"
}
}
}
}
}
}
}
}],
"triggers": [{
"name": "test-trigger",
"severity": "1",
"condition": {
"script": {
"source": "ctx.results[0].hits.total.value > 0",
"lang": "painless"
}
},
"actions": [{
"name": "test-action",
"destination_id": "ld7912sBlQ5JUWWFThoW",
"message_template": {
"source": "This is a message body."
},
"throttle_enabled": true,
"throttle": {
"value": 27,
"unit": "MINUTES"
},
"subject_template": {
"source": "Subject"
}
}]
}]
}
有关时区名称的完整列表,请参阅 tz 数据库时区列表。告警插件使用 Java TimeZone 类将 ZoneId 转换为有效的时区。
桶级监控器
桶级监控器根据字段将结果分类到不同的桶中。然后,监控器针对每个桶的结果运行脚本,并评估是否触发告警。有关桶级和查询级监控器的更多信息,请参阅创建监控器。
请求示例
POST _plugins/_alerting/monitors
{
"type": "monitor",
"name": "Demo bucket-level monitor",
"monitor_type": "bucket_level_monitor",
"enabled": true,
"schedule": {
"period": {
"interval": 1,
"unit": "MINUTES"
}
},
"inputs": [
{
"search": {
"indices": [
"movies"
],
"query": {
"size": 0,
"query": {
"bool": {
"filter": [
{
"range": {
"order_date": {
"from": "{{period_end}}||-1h",
"to": "{{period_end}}",
"include_lower": true,
"include_upper": true,
"format": "epoch_millis"
}
}
}
]
}
},
"aggregations": {
"composite_agg": {
"composite": {
"sources": [
{
"user": {
"terms": {
"field": "user"
}
}
}
]
},
"aggregations": {
"avg_products_base_price": {
"avg": {
"field": "products.base_price"
}
}
}
}
}
}
}
}
],
"triggers": [
{
"bucket_level_trigger": {
"name": "test-trigger",
"severity": "1",
"condition": {
"buckets_path": {
"_count": "_count",
"avg_products_base_price": "avg_products_base_price"
},
"parent_bucket_path": "composite_agg",
"script": {
"source": "params._count > 50 || params.avg_products_base_price < 35",
"lang": "painless"
}
},
"actions": [
{
"name": "test-action",
"destination_id": "E4o5hnsB6KjPKmHtpfCA",
"message_template": {
"source": """Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue. - Trigger: {{ctx.trigger.name}} - Severity: {{ctx.trigger.severity}} - Period start: {{ctx.periodStart}} - Period end: {{ctx.periodEnd}} - Deduped Alerts: {{ctx.dedupedAlerts}} * {{id}} : {{bucket_keys}} {{ctx.dedupedAlerts}} - New Alerts: {{ctx.newAlerts}} * {{id}} : {{bucket_keys}} {{ctx.newAlerts}} - Completed Alerts: {{ctx.completedAlerts}} * {{id}} : {{bucket_keys}} {{ctx.completedAlerts}}""",
"lang": "mustache"
},
"throttle_enabled": false,
"throttle": {
"value": 10,
"unit": "MINUTES"
},
"action_execution_policy": {
"action_execution_scope": {
"per_alert": {
"actionable_alerts": [
"DEDUPED",
"NEW"
]
}
}
},
"subject_template": {
"source": "The Subject",
"lang": "mustache"
}
}
]
}
}
]
}
示例响应
{
"_id" : "Dfxr63sBwex6DxEhHV5N",
"_version" : 1,
"_seq_no" : 3,
"_primary_term" : 1,
"monitor" : {
"type" : "monitor",
"schema_version" : 4,
"name" : "Demo a bucket-level monitor",
"monitor_type" : "bucket_level_monitor",
"user" : {
"name" : "",
"backend_roles" : [ ],
"roles" : [ ],
"custom_attribute_names" : [ ],
"user_requested_tenant" : null
},
"enabled" : true,
"enabled_time" : 1631742270785,
"schedule" : {
"period" : {
"interval" : 1,
"unit" : "MINUTES"
}
},
"inputs" : [
{
"search" : {
"indices" : [
"opensearch_dashboards_sample_data_flights"
],
"query" : {
"size" : 0,
"query" : {
"bool" : {
"filter" : [
{
"range" : {
"order_date" : {
"from" : "{{period_end}}||-1h",
"to" : "{{period_end}}",
"include_lower" : true,
"include_upper" : true,
"format" : "epoch_millis",
"boost" : 1.0
}
}
}
],
"adjust_pure_negative" : true,
"boost" : 1.0
}
},
"aggregations" : {
"composite_agg" : {
"composite" : {
"size" : 10,
"sources" : [
{
"user" : {
"terms" : {
"field" : "user",
"missing_bucket" : false,
"order" : "asc"
}
}
}
]
},
"aggregations" : {
"avg_products_base_price" : {
"avg" : {
"field" : "products.base_price"
}
}
}
}
}
}
}
}
],
"triggers" : [
{
"bucket_level_trigger" : {
"id" : "C_xr63sBwex6DxEhHV5B",
"name" : "test-trigger",
"severity" : "1",
"condition" : {
"buckets_path" : {
"_count" : "_count",
"avg_products_base_price" : "avg_products_base_price"
},
"parent_bucket_path" : "composite_agg",
"script" : {
"source" : "params._count > 50 || params.avg_products_base_price < 35",
"lang" : "painless"
},
"gap_policy" : "skip"
},
"actions" : [
{
"id" : "DPxr63sBwex6DxEhHV5B",
"name" : "test-action",
"destination_id" : "E4o5hnsB6KjPKmHtpfCA",
"message_template" : {
"source" : "Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue. - Trigger: {{ctx.trigger.name}} - Severity: {{ctx.trigger.severity}} - Period start: {{ctx.periodStart}} - Period end: {{ctx.periodEnd}} - Deduped Alerts: {{ctx.dedupedAlerts}} * {{id}} : {{bucket_keys}} {{ctx.dedupedAlerts}} - New Alerts: {{ctx.newAlerts}} * {{id}} : {{bucket_keys}} {{ctx.newAlerts}} - Completed Alerts: {{ctx.completedAlerts}} * {{id}} : {{bucket_keys}} {{ctx.completedAlerts}}",
"lang" : "mustache"
},
"throttle_enabled" : false,
"subject_template" : {
"source" : "The Subject",
"lang" : "mustache"
},
"throttle" : {
"value" : 10,
"unit" : "MINUTES"
},
"action_execution_policy" : {
"action_execution_scope" : {
"per_alert" : {
"actionable_alerts" : [
"DEDUPED",
"NEW"
]
}
}
}
}
]
}
}
],
"last_update_time" : 1631742270785
}
}
文档级监控器
2.0 版本引入
文档级监控器检查索引中的单个文档是否符合触发条件。如果符合,监控器会生成告警通知。当您使用文档级监控器运行查询时,每个符合触发条件的文档都会返回结果。您可以根据查询名称、查询 ID 或组合多个查询的标签创建触发条件。
逐文档监控器的功能与文档级监控器 API 类似;要了解更多信息,请参阅监控器。
搜索发现索引
您可以使用告警搜索 API 操作,通过 GET 请求搜索发现索引 .opensearch-alerting-finding* 以获取可用的文档发现。默认情况下,不带路径参数的 GET 请求会返回所有可用发现。
要检索所有可用发现,请发送不带任何路径参数的 GET 请求,如下所示:
GET /_plugins/_alerting/findings/_search?
要检索单个文档发现条目的元数据,您可以按其 findingId 搜索发现,如下所示:
GET /_plugins/_alerting/findings/_search?findingId=gKQhj8WJit3BxjGfiOXC
响应在 total_findings 字段中返回单个发现条目的数量。
若要在发现搜索中获得更具体的结果,您可以使用下表中定义的任何可选路径参数。
路径参数 | 描述 | 用法 |
---|---|---|
findingId | 发现条目的标识符。 | 发现 ID 在初始查询响应中返回。 |
sortString | 此字段指定告警插件用于排序发现的字符串。 | 默认值为 id 。 |
sortOrder | 发现列表的排序顺序,升序或降序。 | 使用 sortOrder=asc 表示升序,或 sortOrder=desc 表示降序。 |
size | 响应中返回结果最大数量的可选限制。 | 没有最小值或最大值。 |
startIndex | 分页指示符。 | 默认值为 0 。 |
searchString | 您希望在搜索中返回的发现属性。 | 要在特定索引中搜索,请在请求路径中指定索引名称。例如,要在 indexABC 索引中搜索发现,请使用 searchString=indexABC 。 |
创建文档级监控器
您可以通过 POST 请求创建文档级监控器,并在请求正文中提供监控器详细信息。您至少需要提供以下详细信息:在 inputs 字段中指定查询或按标签的组合、一个有效的触发条件,以及在 action 字段中提供通知消息。
下表提供了每个触发选项的语法。
触发选项 | 定义 | 语法 |
---|---|---|
标签 | 为与应用了此标签的多个查询匹配的文档创建告警。如果您通过单个标签对多个查询进行分组,则可以将其设置为在结果由此标签名称返回时触发告警。 | query[tag=<tag-name>] |
按名称查询 | 为由指定名称查询匹配或返回的文档创建告警。 | query[name=<query-name>] |
按 ID 查询 | 为由指定 ID 查询返回的文档创建告警。 | query[id=<query-id>] |
请求示例
POST _plugins/_alerting/monitors
{
"type": "monitor",
"monitor_type": "doc_level_monitor",
"name": "Example document-level monitor",
"enabled": true,
"schedule": {
"period": {
"interval": 1,
"unit": "MINUTES"
}
},
"inputs": [
{
"doc_level_input": {
"description": "Example document-level monitor for audit logs",
"indices": [
"audit-logs"
],
"queries": [
{
"id": "nKQnFYABit3BxjGfiOXC",
"name": "sigma-123",
"query": "region:\"us-west-2\"",
"tags": [
"tag1"
]
},
{
"id": "gKQnABEJit3BxjGfiOXC",
"name": "sigma-456",
"query": "region:\"us-east-1\"",
"tags": [
"tag2"
]
},
{
"id": "h4J2ABEFNW3vxjGfiOXC",
"name": "sigma-789",
"query": "message:\"This is a SEPARATE error from IAD region\"",
"tags": [
"tag3"
]
}
]
}
}
],
"triggers": [ { "document_level_trigger": {
"name": "test-trigger",
"severity": "1",
"condition": {
"script": {
"source": "(query[name=sigma-123] || query[tag=tag3]) && query[name=sigma-789]",
"lang": "painless"
}
},
"actions": [
{
"name": "test-action",
"destination_id": "E4o5hnsB6KjPKmHtpfCA",
"message_template": {
"source": """Monitor just entered alert status. Please investigate the issue. Related Finding Ids: {{ctx.alerts.0.finding_ids}}, Related Document Ids: {{ctx.alerts.0.related_doc_ids}}""",
"lang": "mustache"
},
"action_execution_policy": {
"action_execution_scope": {
"per_alert": {
"actionable_alerts": []
}
}
},
"subject_template": {
"source": "The Subject",
"lang": "mustache"
}
}
]
}}]
}
限制
如果您在索引正在重新索引时运行文档级查询,API 响应将不会返回重新索引的结果。要获取更新,请等到重新索引过程完成,然后重新运行查询。
更新监控器
更新监控器时,您可以选择包含 seq_no 和 primary_term 作为参数(在 URL 中以 if_seq_no 和 if_primary_term 的形式传递,如下面第二个请求示例所示)。如果这些数字与现有监控器不匹配或监控器不存在,告警插件将抛出错误。OpenSearch 会自动增加版本号和序列号(请参阅示例响应)。
请求示例
PUT _plugins/_alerting/monitors/<monitor_id>
{
"type": "monitor",
"name": "test-monitor",
"enabled": true,
"enabled_time": 1551466220455,
"schedule": {
"period": {
"interval": 1,
"unit": "MINUTES"
}
},
"inputs": [{
"search": {
"indices": [
"*"
],
"query": {
"query": {
"match_all": {
"boost": 1
}
}
}
}
}],
"triggers": [{
"id": "StaeOmkBC25HCRGmL_y-",
"name": "test-trigger",
"severity": "1",
"condition": {
"script": {
"source": "return true",
"lang": "painless"
}
},
"actions": [{
"name": "test-action",
"destination_id": "RtaaOmkBC25HCRGm0fxi",
"subject_template": {
"source": "My Message Subject",
"lang": "mustache"
},
"message_template": {
"source": "This is my message body.",
"lang": "mustache"
}
}]
}],
"last_update_time": 1551466639295
}
PUT _plugins/_alerting/monitors/<monitor_id>?if_seq_no=3&if_primary_term=1
{
"type": "monitor",
"name": "test-monitor",
"enabled": true,
"enabled_time": 1551466220455,
"schedule": {
"period": {
"interval": 1,
"unit": "MINUTES"
}
},
"inputs": [{
"search": {
"indices": [
"*"
],
"query": {
"query": {
"match_all": {
"boost": 1
}
}
}
}
}],
"triggers": [{
"id": "StaeOmkBC25HCRGmL_y-",
"name": "test-trigger",
"severity": "1",
"condition": {
"script": {
"source": "return true",
"lang": "painless"
}
},
"actions": [{
"name": "test-action",
"destination_id": "RtaaOmkBC25HCRGm0fxi",
"subject_template": {
"source": "My Message Subject",
"lang": "mustache"
},
"message_template": {
"source": "This is my message body.",
"lang": "mustache"
}
}]
}],
"last_update_time": 1551466639295
}
示例响应
{
"_id": "Q9aXOmkBC25HCRGmzfw-",
"_version": 4,
"_seq_no": 4,
"_primary_term": 1,
"monitor": {
"type": "monitor",
"name": "test-monitor",
"enabled": true,
"enabled_time": 1551466220455,
"schedule": {
"period": {
"interval": 1,
"unit": "MINUTES"
}
},
"inputs": [{
"search": {
"indices": [
"*"
],
"query": {
"query": {
"match_all": {
"boost": 1
}
}
}
}
}],
"triggers": [{
"id": "StaeOmkBC25HCRGmL_y-",
"name": "test-trigger",
"severity": "1",
"condition": {
"script": {
"source": "return true",
"lang": "painless"
}
},
"actions": [{
"name": "test-action",
"destination_id": "RtaaOmkBC25HCRGm0fxi",
"subject_template": {
"source": "My Message Subject",
"lang": "mustache"
},
"message_template": {
"source": "This is my message body.",
"lang": "mustache"
}
}]
}],
"last_update_time": 1551466761596
}
}
获取监控器
使用以下请求检索特定监控器的详细信息。
请求示例
GET _plugins/_alerting/monitors/<monitor_id>
示例响应
{
"_id": "Q9aXOmkBC25HCRGmzfw-",
"_version": 3,
"_seq_no": 3,
"_primary_term": 1,
"monitor": {
"type": "monitor",
"name": "test-monitor",
"enabled": true,
"enabled_time": 1551466220455,
"schedule": {
"period": {
"interval": 1,
"unit": "MINUTES"
}
},
"inputs": [{
"search": {
"indices": [
"*"
],
"query": {
"query": {
"match_all": {
"boost": 1
}
}
}
}
}],
"triggers": [{
"id": "StaeOmkBC25HCRGmL_y-",
"name": "test-trigger",
"severity": "1",
"condition": {
"script": {
"source": "return true",
"lang": "painless"
}
},
"actions": [{
"name": "test-action",
"destination_id": "RtaaOmkBC25HCRGm0fxi",
"subject_template": {
"source": "My Message Subject",
"lang": "mustache"
},
"message_template": {
"source": "This is my message body.",
"lang": "mustache"
}
}]
}],
"last_update_time": 1551466639295
}
}
监控器统计信息
返回有关告警功能的统计信息。使用 _plugins/_alerting/stats 查找节点 ID 和指标。然后,您可以使用这些值进行深入分析。
请求示例
GET _plugins/_alerting/stats
GET _plugins/_alerting/stats/<metric>
GET _plugins/_alerting/<node-id>/stats
GET _plugins/_alerting/<node-id>/stats/<metric>
示例响应
{
"_nodes": {
"total": 9,
"successful": 9,
"failed": 0
},
"cluster_name": "475300751431:alerting65-dont-delete",
"plugins.scheduled_jobs.enabled": true,
"scheduled_job_index_exists": true,
"scheduled_job_index_status": "green",
"nodes_on_schedule": 9,
"nodes_not_on_schedule": 0,
"nodes": {
"qWcbKbb-TVyyI-Q7VSeOqA": {
"name": "qWcbKbb",
"schedule_status": "green",
"roles": [
"MASTER"
],
"job_scheduling_metrics": {
"last_full_sweep_time_millis": 207017,
"full_sweep_on_time": true
},
"jobs_info": {}
},
"Do-DX9ZcS06Y9w1XbSJo1A": {
"name": "Do-DX9Z",
"schedule_status": "green",
"roles": [
"DATA",
"INGEST"
],
"job_scheduling_metrics": {
"last_full_sweep_time_millis": 230516,
"full_sweep_on_time": true
},
"jobs_info": {}
},
"n5phkBiYQfS5I0FDzcqjZQ": {
"name": "n5phkBi",
"schedule_status": "green",
"roles": [
"MASTER"
],
"job_scheduling_metrics": {
"last_full_sweep_time_millis": 228406,
"full_sweep_on_time": true
},
"jobs_info": {}
},
"Tazzo8cQSY-g3vOjgYYLzA": {
"name": "Tazzo8c",
"schedule_status": "green",
"roles": [
"DATA",
"INGEST"
],
"job_scheduling_metrics": {
"last_full_sweep_time_millis": 211722,
"full_sweep_on_time": true
},
"jobs_info": {
"i-wsFmkB8NzS6aXjQSk0": {
"last_execution_time": 1550864912882,
"running_on_time": true
}
}
},
"Nyf7F8brTOSJuFPXw6CnpA": {
"name": "Nyf7F8b",
"schedule_status": "green",
"roles": [
"DATA",
"INGEST"
],
"job_scheduling_metrics": {
"last_full_sweep_time_millis": 223300,
"full_sweep_on_time": true
},
"jobs_info": {
"NbpoFmkBeSe-hD59AKgE": {
"last_execution_time": 1550864928354,
"running_on_time": true
},
"-LlLFmkBeSe-hD59Ydtb": {
"last_execution_time": 1550864732727,
"running_on_time": true
},
"pBFxFmkBNXkgNmTBaFj1": {
"last_execution_time": 1550863325024,
"running_on_time": true
},
"hfasEmkBNXkgNmTBrvIW": {
"last_execution_time": 1550862000001,
"running_on_time": true
}
}
},
"oOdJDIBVT5qbbO3d8VLeEw": {
"name": "oOdJDIB",
"schedule_status": "green",
"roles": [
"DATA",
"INGEST"
],
"job_scheduling_metrics": {
"last_full_sweep_time_millis": 227570,
"full_sweep_on_time": true
},
"jobs_info": {
"4hKRFmkBNXkgNmTBKjYX": {
"last_execution_time": 1550864806101,
"running_on_time": true
}
}
},
"NRDG6JYgR8m0GOZYQ9QGjQ": {
"name": "NRDG6JY",
"schedule_status": "green",
"roles": [
"MASTER"
],
"job_scheduling_metrics": {
"last_full_sweep_time_millis": 227652,
"full_sweep_on_time": true
},
"jobs_info": {}
},
"URMrXRz3Tm-CB72hlsl93Q": {
"name": "URMrXRz",
"schedule_status": "green",
"roles": [
"DATA",
"INGEST"
],
"job_scheduling_metrics": {
"last_full_sweep_time_millis": 231048,
"full_sweep_on_time": true
},
"jobs_info": {
"m7uKFmkBeSe-hD59jplP": {
"running_on_time": true
}
}
},
"eXgt1k9oTRCLmx2HBGElUw": {
"name": "eXgt1k9",
"schedule_status": "green",
"roles": [
"DATA",
"INGEST"
],
"job_scheduling_metrics": {
"last_full_sweep_time_millis": 229234,
"full_sweep_on_time": true
},
"jobs_info": {
"wWkFFmkBc2NG-PeLntxk": {
"running_on_time": true
},
"3usNFmkB8NzS6aXjO1Gs": {
"last_execution_time": 1550863959848,
"running_on_time": true
}
}
}
}
}
删除监控器
使用以下请求删除监控器。
请求示例
DELETE _plugins/_alerting/monitors/<monitor_id>
示例响应
{
"_index": ".opensearch-scheduled-jobs",
"_id": "OYAHOmgBl3cmwnqZl_yH",
"_version": 2,
"result": "deleted",
"forced_refresh": true,
"_shards": {
"total": 2,
"successful": 2,
"failed": 0
},
"_seq_no": 11,
"_primary_term": 1
}
搜索监控器
使用以下请求,根据特定条件(例如监控器名称)查询并检索有关现有监控器的信息。
请求示例
GET _plugins/_alerting/monitors/_search
{
"query": {
"match" : {
"monitor.name": "my-monitor-name"
}
}
}
示例响应
{
"took": 17,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 1,
"max_score": 0.6931472,
"hits": [{
"_index": ".opensearch-scheduled-jobs",
"_type": "_doc",
"_id": "eGQi7GcBRS7-AJEqfAnr",
"_score": 0.6931472,
"_source": {
"type": "monitor",
"name": "my-monitor-name",
"enabled": true,
"enabled_time": 1545854942426,
"schedule": {
"period": {
"interval": 1,
"unit": "MINUTES"
}
},
"inputs": [{
"search": {
"indices": [
"*"
],
"query": {
"size": 0,
"query": {
"bool": {
"filter": [{
"range": {
"@timestamp": {
"from": "{{period_end}}||-1h",
"to": "{{period_end}}",
"include_lower": true,
"include_upper": true,
"format": "epoch_millis",
"boost": 1
}
}
}],
"adjust_pure_negative": true,
"boost": 1
}
},
"aggregations": {}
}
}
}],
"triggers": [{
"id": "Sooi7GcB53a0ewuj_6MH",
"name": "Over",
"severity": "1",
"condition": {
"script": {
"source": "_ctx.results[0].hits.total > 400000",
"lang": "painless"
}
},
"actions": []
}],
"last_update_time": 1545854975758
}
}]
}
}
运行监控器
您可以在 URL 中添加可选的 ?dryrun=true 参数,以显示运行结果,而不会触发任何消息发送操作。
请求示例
POST _plugins/_alerting/monitors/<monitor_id>/_execute
示例响应
{
"monitor_name": "logs",
"period_start": 1547161872322,
"period_end": 1547161932322,
"error": null,
"trigger_results": {
"Sooi7GcB53a0ewuj_6MH": {
"name": "Over",
"triggered": true,
"error": null,
"action_results": {}
}
}
}
获取告警
返回所有告警的数组。
路径参数
下表列出了可用的路径参数。所有路径参数均为可选。
参数 | 数据类型 | 描述 |
---|---|---|
sortString | 字符串 | 定义结果的排序方式。默认值为 monitor_name.keyword 。 |
sortOrder | 字符串 | 定义结果的顺序。选项为 asc 或 desc 。默认值为 asc 。 |
missing | 字符串 | 指定是否在响应中包含缺失数据。 |
size | 字符串 | 定义要返回的请求大小。默认值为 20 。 |
startIndex | 字符串 | 定义起始索引。用于结果分页。默认值为 0 。 |
searchString | 字符串 | 定义用于搜索特定告警的搜索字符串。默认值为空字符串。 |
severityLevel | 字符串 | 定义要筛选的严重性级别。默认值为 ALL 。 |
alertState | 字符串 | 定义要筛选的告警状态。默认值为 ALL 。 |
monitorId | 字符串 | 按监控器 ID 筛选。 |
workflowIds | 字符串 | 允许在单个仪表板中监控来自多个工作流的链式告警状态。OpenSearch 2.9 或更高版本可用。 |
请求示例
GET _plugins/_alerting/monitors/alerts
示例响应
{
"alerts": [
{
"id": "eQURa3gBKo1jAh6qUo49",
"version": 300,
"monitor_id": "awUMa3gBKo1jAh6qu47E",
"schema_version": 2,
"monitor_version": 2,
"monitor_name": "Example_monitor_name",
"monitor_user": {
"name": "admin",
"backend_roles": [
"admin"
],
"roles": [
"all_access",
"own_index"
],
"custom_attribute_names": [],
"user_requested_tenant": null
},
"trigger_id": "bQUQa3gBKo1jAh6qnY6G",
"trigger_name": "Example_trigger_name",
"state": "ACTIVE",
"error_message": null,
"alert_history": [
{
"timestamp": 1617314504873,
"message": "Example error message"
},
{
"timestamp": 1617312543925,
"message": "Example error message"
}
],
"severity": "1",
"action_execution_results": [
{
"action_id": "bgUQa3gBKo1jAh6qnY6G",
"last_execution_time": 1617317979908,
"throttled_count": 0
}
],
"start_time": 1616704000492,
"last_notification_time": 1617317979908,
"end_time": null,
"acknowledged_time": null
}
],
"totalAlerts": 1
}
确认告警
获取告警后,您可以通过一次调用确认任意数量的活动告警。如果告警已处于 ERROR、COMPLETED 或 ACKNOWLEDGED 状态,它将出现在 failed 数组中。
请求示例
POST _plugins/_alerting/monitors/<monitor-id>/_acknowledge/alerts
{
"alerts": ["eQURa3gBKo1jAh6qUo49"]
}
示例响应
{
"success": [
"eQURa3gBKo1jAh6qUo49"
],
"failed": []
}
创建目标
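使用以下请求定义和配置接收告警通知的各种目标。这些目标可以是不同类型,例如 Slack、自定义 Webhook 或电子邮件,并用于指定告警应如何以及发送到何处。目标配置可能包含敏感值(例如自定义 Webhook 示例中 query_params 下的 token),而获取目标的示例响应会返回目标的 url 字段,因此应将目标 API 的访问权限限制在确实需要的角色范围内。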
请求示例
POST _plugins/_alerting/destinations
{
"name": "my-destination",
"type": "slack",
"slack": {
"url": "http://www.example.com"
}
}
POST _plugins/_alerting/destinations
{
"type": "custom_webhook",
"name": "my-custom-destination",
"custom_webhook": {
"path": "incomingwebhooks/123456-123456-XXXXXX",
"header_params": {
"Content-Type": "application/json"
},
"scheme": "HTTPS",
"port": 443,
"query_params": {
"token": "R2x1UlN4ZHF8MXxxVFJpelJNVDgzdGNwXXXXXXXXX"
},
"host": "hooks.chime.aws"
}
}
POST _plugins/_alerting/destinations
{
"type": "email",
"name": "my-email-destination",
"email": {
"email_account_id": "YjY7mXMBx015759_IcfW",
"recipients": [
{
"type": "email_group",
"email_group_id": "YzY-mXMBx015759_dscs"
},
{
"type": "email",
"email": "example@email.com"
}
]
}
}
// The email_account_id and email_group_id will be the document IDs of the email_account and email_group you have created.
示例响应
{
"_id": "nO-yFmkB8NzS6aXjJdiI",
"_version" : 1,
"_seq_no" : 3,
"_primary_term" : 1,
"destination": {
"type": "slack",
"name": "my-destination",
"last_update_time": 1550863967624,
"slack": {
"url": "http://www.example.com"
}
}
}
更新目标
更新目标时,您可以选择将 seq_no 和 primary_term 作为参数包含在内(在 URL 中以 if_seq_no 和 if_primary_term 的形式传递,如下面第二个请求示例所示)。如果这些数字与现有目标不匹配或目标不存在,告警插件将抛出错误。OpenSearch 会自动递增版本号和序列号(请参阅示例响应)。
请求示例
PUT _plugins/_alerting/destinations/<destination-id>
{
"name": "my-updated-destination",
"type": "slack",
"slack": {
"url": "http://www.example.com"
}
}
PUT _plugins/_alerting/destinations/<destination-id>?if_seq_no=3&if_primary_term=1
{
"name": "my-updated-destination",
"type": "slack",
"slack": {
"url": "http://www.example.com"
}
}
示例响应
{
"_id": "pe-1FmkB8NzS6aXjqvVY",
"_version" : 2,
"_seq_no" : 4,
"_primary_term" : 1,
"destination": {
"type": "slack",
"name": "my-updated-destination",
"last_update_time": 1550864289375,
"slack": {
"url": "http://www.example.com"
}
}
}
获取目标
使用以下请求检索一个目标。
请求示例
GET _plugins/_alerting/destinations/<destination-id>
示例响应
{
"totalDestinations": 1,
"destinations": [{
"id": "1a2a3a4a5a6a7a",
"type": "slack",
"name": "sample-destination",
"user": {
"name": "psantos",
"backend_roles": [
"human-resources"
],
"roles": [
"alerting_full_access",
"hr-role"
],
"custom_attribute_names": []
},
"schema_version": 3,
"seq_no": 0,
"primary_term": 6,
"last_update_time": 1603943261722,
"slack": {
"url": "https://example.com"
}
}
]
}
获取所有目标
使用以下请求检索所有目标。
请求示例
GET _plugins/_alerting/destinations
示例响应
{
"totalDestinations": 1,
"destinations": [{
"id": "1a2a3a4a5a6a7a",
"type": "slack",
"name": "sample-destination",
"user": {
"name": "psantos",
"backend_roles": [
"human-resources"
],
"roles": [
"alerting_full_access",
"hr-role"
],
"custom_attribute_names": []
},
"schema_version": 3,
"seq_no": 0,
"primary_term": 6,
"last_update_time": 1603943261722,
"slack": {
"url": "https://example.com"
}
}
]
}
删除目标
使用以下请求从告警系统中删除特定目标。
请求示例
DELETE _plugins/_alerting/destinations/<destination-id>
示例响应
{
"_index": ".opendistro-alerting-config",
"_type": "_doc",
"_id": "Zu-zFmkB8NzS6aXjLeBI",
"_version": 2,
"result": "deleted",
"forced_refresh": true,
"_shards": {
"total": 2,
"successful": 2,
"failed": 0
},
"_seq_no": 8,
"_primary_term": 1
}
创建电子邮件帐户
使用以下请求设置新的电子邮件帐户以发送告警通知。
请求示例
POST _plugins/_alerting/destinations/email_accounts
{
"name": "example_account",
"email": "example@email.com",
"host": "smtp.email.com",
"port": 465,
"method": "ssl"
}
示例响应
{
"_id" : "email_account_id",
"_version" : 1,
"_seq_no" : 7,
"_primary_term" : 2,
"email_account" : {
"schema_version" : 2,
"name" : "example_account",
"email" : "example@email.com",
"host" : "smtp.email.com",
"port" : 465,
"method" : "ssl"
}
}
更新电子邮件帐户
更新电子邮件帐户时,您可以选择将 seq_no 和 primary_term 作为参数包含在内(在 URL 中以 if_seq_no 和 if_primary_term 的形式传递,如下面第二个请求示例所示)。如果这些数字与现有电子邮件帐户不匹配或电子邮件帐户不存在,告警插件将抛出错误。OpenSearch 会自动递增版本号和序列号(请参阅示例响应)。
请求示例
PUT _plugins/_alerting/destinations/email_accounts/<email_account_id>
{
"name": "example_account",
"email": "example@email.com",
"host": "smtp.email.com",
"port": 465,
"method": "ssl"
}
PUT _plugins/_alerting/destinations/email_accounts/<email_account_id>?if_seq_no=18&if_primary_term=2
{
"name": "example_account",
"email": "example@email.com",
"host": "smtp.email.com",
"port": 465,
"method": "ssl"
}
示例响应
{
"_id" : "email_account_id",
"_version" : 3,
"_seq_no" : 19,
"_primary_term" : 2,
"email_account" : {
"schema_version" : 2,
"name" : "example_account",
"email" : "example@email.com",
"host" : "smtp.email.com",
"port" : 465,
"method" : "ssl"
}
}
获取电子邮件帐户
使用以下请求检索为告警目的配置的特定电子邮件帐户的详细信息。
请求示例
GET _plugins/_alerting/destinations/email_accounts/<email_account_id>
{
"name": "example_account",
"email": "example@email.com",
"host": "smtp.email.com",
"port": 465,
"method": "ssl"
}
示例响应
{
"_id" : "email_account_id",
"_version" : 2,
"_seq_no" : 8,
"_primary_term" : 2,
"email_account" : {
"schema_version" : 2,
"name" : "test_account",
"email" : "test@email.com",
"host" : "smtp.test.com",
"port" : 465,
"method" : "ssl"
}
}
删除电子邮件帐户
使用以下请求从告警系统中删除现有电子邮件帐户配置。
请求示例
DELETE _plugins/_alerting/destinations/email_accounts/<email_account_id>
示例响应
{
"_index" : ".opendistro-alerting-config",
"_type" : "_doc",
"_id" : "email_account_id",
"_version" : 1,
"result" : "deleted",
"forced_refresh" : true,
"_shards" : {
"total" : 2,
"successful" : 2,
"failed" : 0
},
"_seq_no" : 12,
"_primary_term" : 2
}
搜索电子邮件帐户
使用以下请求检索有关用于基于电子邮件的告警的已配置电子邮件帐户的信息。
请求示例
POST _plugins/_alerting/destinations/email_accounts/_search
{
"from": 0,
"size": 20,
"sort": { "email_account.name.keyword": "desc" },
"query": {
"bool": {
"must": {
"match_all": {}
}
}
}
}
示例响应
{
"took" : 8,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 2,
"relation" : "eq"
},
"max_score" : null,
"hits" : [
{
"_index" : ".opendistro-alerting-config",
"_type" : "_doc",
"_id" : "email_account_id",
"_seq_no" : 8,
"_primary_term" : 2,
"_score" : null,
"_source" : {
"schema_version" : 2,
"name" : "example_account",
"email" : "example@email.com",
"host" : "smtp.email.com",
"port" : 465,
"method" : "ssl"
},
"sort" : [
"example_account"
]
},
...
]
}
}
创建电子邮件组
使用以下请求为告警定义新的电子邮件收件人组。
请求示例
POST _plugins/_alerting/destinations/email_groups
{
"name": "example_email_group",
"emails": [{
"email": "example@email.com"
}]
}
示例响应
{
"_id" : "email_group_id",
"_version" : 1,
"_seq_no" : 9,
"_primary_term" : 2,
"email_group" : {
"schema_version" : 2,
"name" : "example_email_group",
"emails" : [
{
"email" : "example@email.com"
}
]
}
}
更新电子邮件组
更新电子邮件组时,您可以选择将 seq_no 和 primary_term 作为参数包含在内(在 URL 中以 if_seq_no 和 if_primary_term 的形式传递,如下面第二个请求示例所示)。如果这些数字与现有电子邮件组不匹配或电子邮件组不存在,告警插件将抛出错误。OpenSearch 会自动递增版本号和序列号(请参阅示例响应)。
请求示例
PUT _plugins/_alerting/destinations/email_groups/<email_group_id>
{
"name": "example_email_group",
"emails": [{
"email": "example@email.com"
}]
}
PUT _plugins/_alerting/destinations/email_groups/<email_group_id>?if_seq_no=16&if_primary_term=2
{
"name": "example_email_group",
"emails": [{
"email": "example@email.com"
}]
}
示例响应
{
"_id" : "email_group_id",
"_version" : 4,
"_seq_no" : 17,
"_primary_term" : 2,
"email_group" : {
"schema_version" : 2,
"name" : "example_email_group",
"emails" : [
{
"email" : "example@email.com"
}
]
}
}
获取电子邮件组
使用以下请求检索特定电子邮件组目标的详细信息,并传入您要获取的电子邮件组的 ID。
请求示例
GET _plugins/_alerting/destinations/email_groups/<email_group_id>
{
"name": "example_email_group",
"emails": [{
"email": "example@email.com"
}]
}
示例响应
{
"_id" : "email_group_id",
"_version" : 4,
"_seq_no" : 17,
"_primary_term" : 2,
"email_group" : {
"schema_version" : 2,
"name" : "example_email_group",
"emails" : [
{
"email" : "example@email.com"
}
]
}
}
删除电子邮件组
使用以下请求从告警目标列表中删除现有电子邮件组。
请求示例
DELETE _plugins/_alerting/destinations/email_groups/<email_group_id>
示例响应
{
"_index" : ".opendistro-alerting-config",
"_type" : "_doc",
"_id" : "email_group_id",
"_version" : 1,
"result" : "deleted",
"forced_refresh" : true,
"_shards" : {
"total" : 2,
"successful" : 2,
"failed" : 0
},
"_seq_no" : 11,
"_primary_term" : 2
}
搜索电子邮件组
查询并检索用于告警目的的现有电子邮件组的信息,使您能够根据各种条件筛选和排序结果。以下请求中显示了一个示例。
请求示例
POST _plugins/_alerting/destinations/email_groups/_search
{
"from": 0,
"size": 20,
"sort": { "email_group.name.keyword": "desc" },
"query": {
"bool": {
"must": {
"match_all": {}
}
}
}
}
示例响应
{
"took" : 7,
"timed_out" : false,
"_shards" : {
"total" : 1,
"successful" : 1,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 5,
"relation" : "eq"
},
"max_score" : null,
"hits" : [
{
"_index" : ".opendistro-alerting-config",
"_type" : "_doc",
"_id" : "email_group_id",
"_seq_no" : 10,
"_primary_term" : 2,
"_score" : null,
"_source" : {
"schema_version" : 2,
"name" : "example_email_group",
"emails" : [
{
"email" : "example@email.com"
}
]
},
"sort" : [
"example_email_group"
]
},
...
]
}
}
创建评论
使用以下请求向特定告警添加评论,提供与该告警相关的额外上下文或注释。
请求示例
POST _plugins/_alerting/comments/<alert-id>
{
"content": "sample comment"
}
示例响应
{
"_id": "0U6aBJABVWc3FrmWer9s",
"_seq_no": 7,
"_primary_term": 2,
"comment": {
"entity_id": "vCZkA5ABWTh3kzuBEL_9",
"entity_type": "alert",
"content": "sample comment",
"created_time": 1718064151148,
"last_updated_time": null,
"user": "admin"
}
}
更新评论
使用以下请求修改与告警关联的先前添加的评论内容。
请求示例
PUT _plugins/_alerting/comments/<comment-id>
{
"content": "sample updated comment"
}
示例响应
{
"_id": "0U6aBJABVWc3FrmWer9s",
"_seq_no": 8,
"_primary_term": 3,
"comment": {
"entity_id": "vCZkA5ABWTh3kzuBEL_9",
"entity_type": "alert",
"content": "sample updated comment",
"created_time": 1718064151148,
"last_updated_time": 1718064745485,
"user": "admin"
}
}
搜索评论
使用以下请求查询并检索与告警关联的现有评论。
请求示例
GET _plugins/_alerting/comments/_search
{
"query": {
"match_all" : {}
}
}
示例响应
{
"took": 14,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 2,
"relation": "eq"
},
"max_score": 1,
"hits": [
{
"_index": ".opensearch-alerting-comments-history-2024.06.10-1",
"_id": "xE5tBJABVWc3FrmWRL5i",
"_version": 1,
"_seq_no": 3,
"_primary_term": 2,
"_score": 1,
"_source": {
"entity_id": "vCZkA5ABWTh3kzuBEL_9",
"entity_type": "alert",
"content": "a different sample comment",
"created_time": 1718061188191,
"last_updated_time": null,
"user": "admin"
}
},
{
"_index": ".opensearch-alerting-comments-history-2024.06.10-1",
"_id": "0U6aBJABVWc3FrmWer9s",
"_version": 3,
"_seq_no": 9,
"_primary_term": 3,
"_score": 1,
"_source": {
"entity_id": "vCZkA5ABWTh3kzuBEL_9",
"entity_type": "alert",
"content": "sample updated comment",
"created_time": 1718064151148,
"last_updated_time": 1718064745485,
"user": "admin"
}
}
]
}
}
删除评论
使用以下请求删除与告警关联的特定评论。
请求示例
DELETE _plugins/_alerting/comments/<comment-id>
示例响应
{
"_id": "0U6aBJABVWc3FrmWer9s"
}