Hi everyone,
I’m wondering if it’s possible for an alert to reference multiple data views in its definition.
My use case: I have one data view per environment, and I’d like to avoid duplicating the same alert definition for each environment. Ideally, the alert’s query would run across several data views at once.
Is this currently supported, or is there a recommended workaround?
Thanks!
Hello @gueguet57
When you say every environment you mean space Or multiple data views per environment in same space?
Also the alert you are trying to create is a threshold or custom rule?
Can we create a single dataview with index* if you have index name as index-dev , index-test , index-prod?
Thanks!!
Hello @Tortoise, thanks for your answer !
When I say every environment, I mean one environment for each of my Kubernetes environments (non-prod, prod, etc.). I’m not talking about Spaces here.
Not sure I fully understand the question — I have a custom query, and if it returns at least one document, my alert is triggered.
Yes, now I remember that someone also advised me to do this! I can definitely use a wildcard to declare a more generic dataview and get all environments at once.
Thanks!
Hello @gueguet57 ,
I think you can define a data view that accesses all environments, and then you can break down each environment at the level of your rule. And that way you just have one rule.
Yes I will try this method thanks !
Hello @gueguet57
The question was specifically for below scenario, you create a single dataview index* which will have data for index-dev, index-prod, index-test
Now you have a rule if error > 0 raise alert but how will you know it is for which environment? This was the reason for asking which rule you are going to create after the dataview. If you create a custom threshold, there is option to create different alerts per environment but in each index do you have an environment field? So your rule will execute against each environment error > 0 & it should raise 2 alerts say for env test & prod if for this the count is > 0 for test/prod & not for dev.
Thanks!!
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.