Configure OpenSearch Alerts to Match Events For a Query

Configure Alerts for OpenSearch to match all/any events for a specific query

An 'any' alert, as its name suggests, fires for every event that matches the query filter. There is no count threshold: each hit returned by the filter produces an alert, so the filter should be tight enough that it only returns events you actually want to be notified about.

Use the type any to match every event the filter returns, and restrict the results with a query filter as shown in the example below. You can copy this example into a new Logit.io alert, modify the query string to match the required events, update the email address, then test and run the alert.

# Human-readable name shown in alert notifications
name: "Any match alert example"
# 'any' fires once per matching event; no count threshold applies
type: any
# Index pattern to search; narrow this if only some indices are relevant
index: "*-*"
filter:
- query:
    query_string:
      # Lucene query string; [500 TO 599] is an inclusive range and expects
      # a numeric status field (a string field would be compared lexically)
      query: "agent.hostname:azure AND status: [500 TO 599]"
alert:
- "email"
email:
- "[email protected]"
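Before deploying an 'any' alert it is worth dry-running the filter against a handful of representative events, since every hit becomes a notification. The following is an added example, not code from the Logit.io page or from the alerting engine itself: it implements a small subset of the query_string syntax used above (field:term, field:[low TO high], clauses joined by AND) and applies it to constructed sample events. The event shapes, field names and the case-insensitive term comparison are assumptions made for the example.

```python
"""Dry-run an 'any' alert filter against sample events (added example).

Supports only a subset of Lucene query_string syntax: field:term,
field:[low TO high] and AND. Anything else raises ValueError so that an
unsupported query is noticed instead of silently matching nothing.
"""
import re

# Constructed sample events with the shape the rule's query expects.
SAMPLE_EVENTS = [
    {"agent": {"hostname": "azure"}, "status": 503, "path": "/api/login"},
    {"agent": {"hostname": "azure"}, "status": 200, "path": "/healthz"},
    {"agent": {"hostname": "aws-web1"}, "status": 502, "path": "/"},
    {"agent": {"hostname": "azure"}, "status": "599", "path": "/api/orders"},
    {"agent": {"hostname": "azure"}, "path": "/no-status"},
]

# The query string from the rule on this page.
RULE_QUERY = "agent.hostname:azure AND status: [500 TO 599]"

# One clause: field:term  or  field:[low TO high]
_CLAUSE = re.compile(
    r"(?P<field>[\w.]+)\s*:\s*"
    r"(?:\[(?P<lo>[^\s\]]+)\s+TO\s+(?P<hi>[^\s\]]+)\]|(?P<term>\S+))"
)


def _get_field(event, dotted):
    """Resolve a dotted field name such as agent.hostname; None if absent."""
    cur = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def _to_number(value):
    try:
        return float(value)
    except (TypeError, ValueError):
        return None


def parse_query(query):
    """Split 'f:v AND g:[a TO b]' into clause dicts; reject unsupported syntax."""
    clauses = []
    for raw in re.split(r"\s+AND\s+", query.strip()):
        m = _CLAUSE.fullmatch(raw.strip())
        if not m:
            raise ValueError(f"unsupported clause: {raw!r}")
        if m.group("term") is not None:
            clauses.append({"field": m.group("field"), "term": m.group("term")})
        else:
            clauses.append({"field": m.group("field"),
                            "lo": m.group("lo"), "hi": m.group("hi")})
    return clauses


def _clause_matches(clause, event):
    value = _get_field(event, clause["field"])
    if value is None:
        return False  # a missing field never matches
    if "term" in clause:
        # Assumption: analyzed text field, so compare case-insensitively
        return str(value).lower() == clause["term"].lower()
    lo, hi, v = _to_number(clause["lo"]), _to_number(clause["hi"]), _to_number(value)
    if None in (lo, hi, v):
        return False  # non-numeric bound or value: treat as no match
    return lo <= v <= hi  # [a TO b] is inclusive at both ends


def matching_events(query, events):
    """Return the events an 'any' rule with this filter would alert on."""
    clauses = parse_query(query)
    return [e for e in events if all(_clause_matches(c, e) for c in clauses)]


if __name__ == "__main__":
    hits = matching_events(RULE_QUERY, SAMPLE_EVENTS)
    print(f"{len(hits)} event(s) would each raise an alert:")
    for e in hits:
        print("  ", e)
```

Run it as-is to see which of the constructed events the rule would alert on; the string-valued "599" still matches because OpenSearch coerces it when the field is mapped as numeric, while the event with no status field is skipped. Swap in a few real documents from your index to check the filter before saving the alert.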