Allow more than 1 search input for monitor #80

Open
adityaj1107 opened this issue Jun 2, 2021 · 3 comments
Labels
enhancement New feature or request question Further information is requested

Comments

@adityaj1107
Contributor

Issue by agone1
Wednesday Nov 11, 2020 at 16:16 GMT
Originally opened as opendistro-for-elasticsearch/alerting#297


Is your feature request related to a problem? Please describe.
There is a need to have a monitor making two or more search requests.
But when a user tries to create a monitor with more than 1 search input (using the POST _opendistro/_alerting/monitors API call), they get the following error message:
"Monitors can only have 1 search input."

Describe the solution you'd like
I assume the API limitation originates from the UI limitation, which does not imply more than one search request as monitor input.
I think it would not cause much harm to the user experience if this limitation for the API were gone.

@adityaj1107 adityaj1107 added enhancement New feature or request question Further information is requested labels Jun 2, 2021
@adityaj1107
Contributor Author

Comment by skkosuri-amzn
Saturday Nov 28, 2020 at 23:18 GMT


Could you please provide more details and a use case for this enhancement?

@adityaj1107
Contributor Author

Comment by agone1
Monday Nov 30, 2020 at 09:40 GMT


The simple use case is when one needs two or more sources of data in order to determine if an alert should be triggered on correlated conditions. The description is below.

First use case:
1st index - daily monitoring data.
2nd index - data aggregated over more than 3 years, which contains various stats: average values, median, std_deviation, etc.
A simple threshold value is not enough to determine if an alert should be triggered. I need to compare the value of interest with statistics for the same day of week, month, etc.

Second use case:
1st index - daily monitoring data.
2nd index - all triggered alerts.
Let's imagine that one runs a monitor every 5 minutes with a 12-hour deep search on the first index. If the monitor conditions are met, the action should be executed. Since the monitor runs every 5 minutes, there would be 144 actions on the same set of data. In order to suppress excessive actions, it would be convenient to check the 2nd index, which keeps track of triggered alerts.

Both use cases are possible using xpack watcher. It would be great if the opendistro monitor provided the same functionality.

@adityaj1107
Contributor Author

Comment by rayliutoronto
Tuesday Jun 01, 2021 at 18:49 GMT


This is useful. Multi-search input result could be placed in ctx.result[].
