My company is using open stack 7.10.2 and I've been asked to set up a monitor, trigger, and alert for when a certain value falls below a set threshold. When I run the monitor, it works fine. When I run the trigger, it works fine. When I send a test message, it works fine. But, when left to its own devices, nothing.
It did appear to work when using "define using visual graph", but I needed to use an extraction query to get the actual items I was looking for.
The extraction query (some redactions for security of course):
{
  "size": 10000,
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "<field name>": {
              "from": 0,
              "to": 11,
              "include_lower": false,
              "include_upper": false,
              "boost": 1
            }
          }
        },
        {
          "range": {
            "Time": {
              "from": "now-6h",
              "to": "now",
              "include_lower": true,
              "include_upper": false,
              "boost": 1
            }
          }
        },
        {
          "match": {
            "Name": {
              "query": "<value>",
              "operator": "OR",
              "prefix_length": 0,
              "max_expansions": 50,
              "fuzzy_transpositions": true,
              "lenient": false,
              "zero_terms_query": "NONE",
              "auto_generate_synonyms_phrase_query": true,
              "boost": 1
            }
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1
    }
  },
  "aggregations": {
    "name": {
      "terms": {
        "field": "<field name>",
        "size": 10,
        "min_doc_count": 1,
        "shard_min_doc_count": 0,
        "show_term_doc_count_error": false,
        "order": [
          {
            "_count": "desc"
          },
          {
            "_key": "asc"
          }
        ]
      }
    }
  }
}
I've adjusted timing a few different ways between the monitor, trigger, and alert to no avail.