Hello,
So I created a rule with filters to alert me if a specific document comes. This is working as expected.
Since I am using {{context.hits}} to read through the documents, I was wondering how I can create an alert for each document in {{context.hits}}.
The reason is that I have the alert condition checking every 1 minute, but 2 documents might come in during that last minute. Decreasing the check interval is not the best way, as Elastic says "Intervals less than 1 minute are not recommended due to performance considerations." I know "Set the number of documents to send" can be set to 1, but that will not alert on the 2nd document.
To simplify what I am trying to say, I want to be alerted per document, while showing document variables within the alert body. If there are 3 documents, I want 3 separate alerts.
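An added example, not from this thread: the closest the Elasticsearch Query rule itself gets is a single action body that iterates over {{context.hits}}, so every matched document is listed with its own fields in the one alert (the field names under _source are assumed):

```mustache
Rule "{{rule.name}}" matched {{context.value}} document(s) in the last check.

{{#context.hits}}
----
Timestamp: {{_source.@timestamp}}
Host:      {{_source.host.name}}
Message:   {{_source.message}}
{{/context.hits}}
```

This still produces one notification per rule run; the number of hits rendered is bounded by "Set the number of documents to send", so that setting must cover how many documents can arrive within one check interval.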
@stephenb I am using Elasticsearch Query.
And yes, you are correct, there's no group by in the Elasticsearch Query rule.
I tried Metric Threshold and Index Threshold and they work with the group by.
The issue is you can't do much with the email body in terms of variables you can use.
Yeah, you are right! I just realized that I am trying to do aggregation by grouping them. Therefore there will be no individual documents to pass through. A Threshold rule would be better suited for this.