The opendistro alert history is stored in the .opendistro-alerting-alert-history-<date> index
Is it possible to get the alert query data/execution result from a past Completed alert?
I’m not able to find the data
Thanks in advance
Asked
Active
Viewed 250 times
0
Voodoo
- 349
- 3
- 11
1 Answers
0
Yes, all COMPLETED alerts are saved in .opendistro-alerting-alert-history-<date> index as you mentioned, reference.
Try adding an index pattern and make sure to include system indices: .opendistro-alerting-alert-history-*
You can always view them in ElasticSearch by using this query: http://my-awseome-es:9200/_cat/indices?expand_wildcards=open,hidden
As the index starts with .(period) it is hidden just like UNIX hidden files/folders.
I have made a grafana dashboard to visualize the alert data: 12875
Please have a look, it can provide a reference for Kibana.
Shubham Choudhary
- 115
- 2
- 9