I have an alert set up to look for one specific message in the past 10 minutes with the trigger condition: ctx.results.hits.total > 0
When the Elasticsearch cluster is in good health, everything works well and we get alerts. However, if the cluster is not responding for whatever reason, the alert will trigger even if the message I am looking for is not actually being returned. This makes me think that the query is timing out and that results in an alert when the condition isn’t actually being matched.
Is it possible to avoid triggering an alert on the condition that no data is returned (i.e. search timeout)?
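The failure mode described in the question, as an added example that is not part of the original post: a trigger evaluated over the raw search response that refuses to fire when the search timed out, had failed shards, or returned no usable hit count. It assumes the standard Elasticsearch/OpenSearch search response shape (timed_out, _shards, hits.total) and that the alerting framework exposes that response to the trigger script (in OpenSearch Alerting, assumed to be ctx.results[0]).

```python
# Added example, not code from the original post. Assumed input: the standard
# search response JSON. The equivalent Painless trigger condition is assumed to be:
#   ctx.results[0].timed_out == false && ctx.results[0]._shards.failed == 0
#       && ctx.results[0].hits.total.value > 0

def hit_count(response: dict) -> int:
    """Hit total; ES 7+/OpenSearch use {"value": N, ...}, older versions a bare int."""
    total = (response or {}).get("hits", {}).get("total", 0)
    if isinstance(total, dict):
        return int(total.get("value", 0))
    return int(total or 0)

def naive_trigger(response: dict) -> bool:
    """The condition from the question: fire whenever the hit count is positive."""
    return hit_count(response) > 0

def search_is_complete(response: dict) -> bool:
    """True only if the search finished without a timeout and every shard answered."""
    if not response or response.get("timed_out", True):
        return False          # missing/empty response or explicit timeout: no data
    shards = response.get("_shards", {})
    if shards.get("failed", 1) != 0:
        return False          # partial results from surviving shards are not trustworthy
    return shards.get("successful", 0) == shards.get("total", -1)

def hardened_trigger(response: dict) -> bool:
    """Fire only on a complete search that actually matched documents."""
    return search_is_complete(response) and hit_count(response) > 0

# Constructed sample responses (not real cluster output).
HEALTHY_HIT = {"took": 5, "timed_out": False,
               "_shards": {"total": 3, "successful": 3, "skipped": 0, "failed": 0},
               "hits": {"total": {"value": 2, "relation": "eq"}, "hits": []}}
# Timeout with partial hits: the naive condition fires, the hardened one does not.
TIMED_OUT_PARTIAL = {"took": 60000, "timed_out": True,
                     "_shards": {"total": 3, "successful": 1, "skipped": 0, "failed": 0},
                     "hits": {"total": {"value": 1, "relation": "gte"}, "hits": []}}
SHARD_FAILURE = {"took": 12, "timed_out": False,
                 "_shards": {"total": 3, "successful": 2, "skipped": 0, "failed": 1},
                 "hits": {"total": {"value": 1, "relation": "eq"}, "hits": []}}

if __name__ == "__main__":
    for name, resp in [("healthy", HEALTHY_HIT), ("timed_out", TIMED_OUT_PARTIAL),
                       ("shard_failure", SHARD_FAILURE), ("no_response", {})]:
        print(f"{name:14} naive={naive_trigger(resp)!s:5} hardened={hardened_trigger(resp)}")
```

A separate alert on the search itself timing out (or on cluster health) is the usual companion, so that an unresponsive cluster is reported as an outage rather than as a match.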