Alert index is not getting generated

Hi, I am creating alerts for my data view. I configured the rule so that if the salary property in the data view exceeds some value, a document with alert info will be saved in the alert index. But when I enable my rule, no alert index is getting created. I tried creating the alert index on my own, but the rule is not indexing the info in that index either. I am using version 8.4.3 of Kibana and Elasticsearch. My rule is not showing any error. It is showing status as Ok.
Any suggestions on what I might be doing wrong? I read similar posts related to this issue, but they didn't work in my case. According to the documentation, my configuration should work.
Thanks

This is the employee index, for which I am checking the condition on salary < 20000.

{
  "employees": {
    "mappings": {
      "properties": {
        "created_at": {
          "type": "date"
        },
        "dateTime": {
          "type": "long"
        },
        "id": {
          "type": "text"
        },
        "name": {
          "type": "text"
        },
        "salary": {
          "type": "double"
        }
      }
    }
  }
}

I created a data view with created_at as the time field.
I am using the Index rule type. This is the document which I want to index in the alert index, which I have not created.

{
  "rule_id": "{{rule.id}}",
  "context_message": "{{context.message}}",
  "rule_name": "{{rule.name}}",
  "alert_id": "{{alert.id}}"
}

When I test my query while configuring the rule, it returns documents, so I guess my query is working. My rule runs every 10 seconds and sends the response as Ok.

Hi @breakingcode

You are going to need to show / share your type of alert rule, alert rule configuration, preview data (did you test it in the setup screen?), the data, the conditions, etc.

i.e. We can't help you without a lot of details... otherwise we are just guessing... you told us a problem but gave us no details to go on.

The more detail you provide in a clear manner the better chance someone can help you.

Oh, and definitely include the version of the stack. New features become available so fast!

You're right, I should've shared the code. Actually, I was trying this example on my work system; that's why I didn't share the code. I have shared the code now, so you can check.

Please show screenshots / code of the type of alerts (there is no Index Rule, there is an Index Action), the entire rule setup, the test outcome, and the action. We can't debug the rule without seeing it.

Did you set up an index connector?

Are you sure there are documents that meet the threshold within the time frame?

When you check on the rule execution and the details what do you see?

There is a ton of information there...
