Ask for important features

Hello,
I have just discovered opendistro and I am evaluating it. I am interested especially in alerting features.
I have these questions about features I have seen in other products:

  • can you send alerts also to:

  • can you write alerts in a new elasticsearch index (so I can create alert of alerts or export alerts using logstash)

  • can I choose to send “alert on”/ “alert off” or only “alert on” messages to destination?

  • can I throttle alerts? YES I have seen RFC

Thanks,
Mario

Hi @mgiammarco,

can you send alerts also to:

Can you use a custom webhook to send notifications to these destinations? If not, we can add a GitHub issue to integrate with these.

can you write alerts in a new elasticsearch index (so I can create alert of alerts or export alerts using logstash)

Currently we are only storing alerts in a single index. This could be an interesting enhancement to allow a user-defined index for storing alerts, but it would require quite a bit of backend changes.

can I choose to send “alert on”/ “alert off” or only “alert on” messages to destination?

Currently you can only disable the monitor to no longer have notifications sent. Sounds like you want this configuration on a trigger level?

can I throttle alerts?

Yes, this has been added in the latest release. See Issue 14.

I have replied inline above.

Your use case for alerting based on alerts is already possible with a query to the alerts index (active alerts, historical / completed alerts, or both).

Interesting that these alert destinations have optimized protocols. If there is enough community interest, we can go ahead and integrate with these protocols as well, as long as they are open source.

I am still confused about this “alert on” and “alert off”. Could you provide an example of this? If not, I'll take a look at InfluxDB with Chronograf. The way I understand what you said, it is very similar to our acknowledge system?

Alerta.io and Riemann.io are quite important in the “alerting” community.
InfluxDB supports Alerta output out of the box.
Grafana and Prometheus are also integrated with Alerta or Riemann.
Please note that Logstash already supports Riemann as an output so, as a workaround, I can try to build a Logstash pipeline with the alerts index as input and Riemann as output.
At the moment I am worried about RabbitMQ, which is used less for this use case, but I hope you will support it.

Regarding alert on/off, you can look in the Kapacitor documentation, in the AlertNode section, at the alert.norecoveries() explanation.