Kibana Alerting won't create specified index

@knrdv

Your issue is the same one I have already faced.

1- First of all, never forget to add a JSON-format document, as shown here. When you leave it blank, how do you tell the index what to save on the index?

image

2- The second most important thing is that you have to define an index mapping for the field names that you're going to populate on the index, like:

{
  "_doc": {
    "_routing": {
      "required": false
    },
    "numeric_detection": false,
    "_source": {
      "enabled": false
    },
    "dynamic": true,
    "date_detection": false,
    "properties": {
      "context_message": {
        "type": "text"
      },
      "alert_id": {
        "type": "text"
      },
      "alert_instance_id": {
        "type": "text"
      },
      "alert_name": {
        "type": "text"
      },
      "timestamp": {
        "index": true,
        "ignore_malformed": true,
        "store": false,
        "type": "date",
        "doc_values": true
      }
    }
  }
}

Once these two things are done, you'll see the alert on the index specified in the connector.
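
A pre-flight check for the two steps in the reply above, as an added example that is not part of the original post or of Kibana: it compares an index-connector document body against the posted mapping and reports an empty body, unmapped or unpopulated fields, and the disabled `_source`. The `preflight` helper, the sample document and its `{{...}}` action-variable names are assumptions; variable names differ between Kibana versions.

```python
import json

# Mapping from the post above, reduced to the keys this check reads.
MAPPING = json.loads("""
{"_doc": {"_source": {"enabled": false}, "dynamic": true,
  "properties": {
    "context_message":   {"type": "text"},
    "alert_id":          {"type": "text"},
    "alert_instance_id": {"type": "text"},
    "alert_name":        {"type": "text"},
    "timestamp":         {"type": "date", "ignore_malformed": true}}}}
""")

# Constructed document body; the {{...}} variable names are assumptions.
DOCUMENT = """
{"alert_id": "{{alertId}}",
 "alert_name": "{{alertName}}",
 "alert_instance_id": "{{alertInstanceId}}",
 "context_message": "{{context.message}}",
 "timestamp": "{{date}}"}
"""

def preflight(document_text, mapping):
    """Return findings for a connector document checked against a mapping."""
    if not document_text.strip():
        return ["document is empty: the action has nothing to index"]
    try:
        doc = json.loads(document_text)
    except json.JSONDecodeError as exc:
        return [f"document is not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["document must be a JSON object"]
    body = mapping.get("_doc", mapping)      # typed or typeless mapping
    props = body.get("properties", {})
    # What Elasticsearch does with an unmapped field depends on "dynamic".
    effect = {"strict": "would reject the document",
              "false": "would not be indexed"}.get(
        str(body.get("dynamic", True)).lower(), "would be mapped dynamically")
    findings = [f"field '{f}' is not in the mapping and {effect}"
                for f in sorted(set(doc) - set(props))]
    findings += [f"mapped field '{f}' is never populated by the document"
                 for f in sorted(set(props) - set(doc))]
    if body.get("_source", {}).get("enabled", True) is False:
        findings.append(
            "_source is disabled: search hits will not return the indexed document")
    return findings

if __name__ == "__main__":
    for finding in preflight(DOCUMENT, MAPPING):
        print(finding)
```
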