Update OpenSearch Alert instructions to reflect changes in OpenSearch…

… UI and deprecated Alerting Destinations
elastisys · Jun 19, 2023 · e9526be · e9526be
1 parent c7ec393
commit e9526be
Show file tree

Hide file tree

Showing 9 changed files with 71 additions and 41 deletions.
diff --git a/docs/img/add-notifications-channel.png b/docs/img/add-notifications-channel.png
diff --git a/docs/img/create-channel-button.png b/docs/img/create-channel-button.png
diff --git a/docs/img/monitor-creation-2.png b/docs/img/monitor-creation-2.png
diff --git a/docs/img/notifications-channel-slack-test.png b/docs/img/notifications-channel-slack-test.png
diff --git a/docs/img/osd-alerting-monitors-tab.png b/docs/img/osd-alerting-monitors-tab.png
diff --git a/docs/img/osd-alerting-sidebar.png b/docs/img/osd-alerting-sidebar.png
diff --git a/docs/img/osd-notifications-channels-tab.png b/docs/img/osd-notifications-channels-tab.png
diff --git a/docs/img/trigger-notification-slack-test.png b/docs/img/trigger-notification-slack-test.png
diff --git a/docs/user-guide/log-based-alerts.md b/docs/user-guide/log-based-alerts.md
@@ -13,90 +13,120 @@ Alerting features have been enabled by default in Elastisys Compliant Kubernetes
 
 ## OpenSearch Alert Demo
 
+To use OpenSearch alerting feature, it involves two steps described below.
+
+1. **Create Notifications Channel** - A reusable location for the information that you want the monitor to send out after being triggered. Supported locations are Amazon Chime, Email, Slack, or custom webhook.
+1. **Create Monitor** - A job that runs on a defined schedule and queries OpenSearch indices. The results of these queries are then used as input for one or more triggers (Conditions that, if met, generate alerts).
+
 When you log into **OpenSearch Dashboards**, you will start at the home page as shown below.
 
 ![OpenSearch Dashboards](../img/osd-home.png)
 
-From here click **"Visualize & analyze"** to continue and you will be greeted with the options to go forward to either **Dashboard** or **Discover**. Opening the sidebar in the top left will also provide navigation to OpenSearch Dashboards features, and here **Alerting** can be found in the page shown below.
+From here click **Visualize & analyze** to continue and you will be greeted with the options to go forward to either **Dashboard** or **Discover**. Opening the sidebar in the top left will also provide navigation to **OpenSearch Dashboards Plugins**, and here **Alerting** and **Notifications** can be found in the page shown below.
 
 ![OpenSearch Alert Sidebar](../img/osd-alerting-sidebar.png)
 
-Once you click  **Alerting**, it will navigate to the below page.
+**Step 1 - Create Notification Channel**
 
-![OpenSearch Alerting Page](../img/alerting-page.png)
+We start with creating a notification channel, which enables sending messages directly to a designated Slack channel.
 
-To use OpenSearch alerting feature, it involves two steps described below.
+- Go to **Notifications** page, then **Channels** tab as shown below.
+
+     ![OpenSearch Notification Channels](../img/osd-notifications-channels-tab.png)
+
+- Click on **Create channel**
+
+- Fill in **Channel details**
+
+     ![OpenSearch Notification](../img/add-notifications-channel.png)
+
+     -  **Name** - Name of the destination - for example **user-demo-404-slack-notify**
+     -  **Channel type** - choose **Slack**
+     -  **Slack webhook URL** - Create a Slack Webhook following [Slack documentation](https://api.slack.com/incoming-webhooks). Paste the webhook URL
 
-1. **Create Destination** - A reusable location for the information that you want the monitor to send out after being triggered. Supported locations are Amazon Chime, Email, Slack, or custom webhook.
-2. **Create Monitor** - A job that runs on a defined schedule and queries OpenSearch indices. The results of these queries are then used as input for one or more triggers (Conditions that, if met, generate alerts).
 
-**Step 1 - Create Destination**
+- Test that the Slack integration works by clicking **Send test message** button and check if you receive a test message in your Slack Channel.
 
-Go to Destination & Create Destinations as shown in the below.
+     ![OpenSearch Notification Test](../img/notifications-channel-slack-test.png)
 
--  **Name** - Name of the destination, for example “**user-demo-404-slack-notify**”
--  **Type** - choose Slack or any other available types you want to use it.
--  **Webhook URL** - If using Slack, paste the webhook URL. Please refer for more information [slack-webhook](https://api.slack.com/incoming-webhooks)
+- Finally, save the Notification channel by clicking **Create** button.
 
-![OpenSearch Destination](../img/add-destination.png)
+     ![OpenSearch Monitor Create](../img/create-channel-button.png)
+
+Next, we can proceed with creating a monitor that will use our newly created channel.
 
 **Step 2 - Create Monitors**
 
-Go to Monitors & Create Monitor as shown in the below.
+- Go to **Alerting** page, then **Monitors** tab as shown below.
+
+     ![OpenSearch Notification Channels](../img/osd-alerting-monitors-tab.png)
+
+- Click on **Create monitor** button
+
+- Fill in **Monitor details**
+
+     ![OpenSearch Monitor 1](../img/monitor-creation-1.png)
+
+     - **Monitor name** - Name of the monitor, for example **user-demo-404-error**
+     - **Monitor type** - Select **Per query monitor** - For more information check OpenSearch documentation on [Monitor types](https://opensearch.org/docs/latest/monitoring-plugins/alerting/monitors/#create-monitors)
+     - **Schedule** - How often to monitor, for example, to check every 1 minute, set:
+          - **Frequency** - **By interval**
+          - **Run every** - **1 Minutes**
+     - **Data source**
+          - **Index** where your logs are stored, for instance, **kubernetes\*** (per default, Compliant Kubernetes will store all application logs indices that match the **kubernetes\*** index pattern)
+
+          - **Time field** should be set to **@timestamp**
+
+- Continue with **Query** details
 
-- **Monitor Name** -  Name of the monitor, for example **“user-demo-404-error”**
-- Select **Per query monitor or Per bucket monitor**. - For more information [Monitor-types](https://opensearch.org/docs/latest/monitoring-plugins/alerting/monitors/#create-monitors)
-- **Frequency** -  How often to monitor, for instance, to check every 1 minute
-- **Data source**
-     - **Index**  where your logs are stored, for instance, “kubernetes” (per default, Compliant Kubernetes will store all application logs indices that match the **“kubernetes*”** index pattern)
+     ![OpenSearch Monitor 2](../img/monitor-creation-2.png)
 
-     - **Time field** should be set to **“@timestamp”**
+     - **Metrics** - optional
+     - **Time range for the last** - Time frame of data the plugin should monitor - **1 minute(s)**
+     - **Data filter** - **status-code is 404**
 
-![OpenSearch Monitor 1](../img/monitor-creation-1.png)
+- Continue with **Triggers** details
 
-- **Query**
-    - **Metrics** - optional
-    - **Time range for the last** - Time frame of data the plugin should monitor . Ex-  1 minute(s)
-     Data filter - **status-code is 404**
+     ![OpenSearch Trigger](../img/trigger.png)
 
-![OpenSearch Monitor 2](../img/monitor-creation-2.png)
+     - **Trigger name** - Name of the trigger - **404-error occurred >5 times in last 1 minute**
+     - **Severity level** - Select the severity level **1(Highest)**
+     - **Trigger condition** - Select the condition according to your applications - **IS ABOVE 5**
 
+- Continue with **Actions** details
 
-- **Triggers**
-     - **Trigger name** -  Name of the trigger. Ex- **“404-error occurred >5 times in last 1 minute”**
-     - **Severity level** - Select the severity level range with **1**(Highest) & **5**(Lowest)
-     - **Trigger condition** - Select the condition according to your applications . Ex- **IS ABOVE = 5**
-     - **Actions** - Create an action with name , destination and customized message notification accordingly.
+     ![OpenSearch Action](../img/action.png)
 
-![OpenSearch Trigger](../img/trigger.png)
+     - Create an action with name, destination and customized message notification accordingly.
+     - Test the action by clicking **Send test message** and check if you receive a test message in your Slack Channel.
 
-![OpenSearch Action](../img/action.png)
+          ![OpenSearch Test Trigger](../img/trigger-notification-slack-test.png)
 
-- Finally click - **Create** button to complete the creation of the monitor.
+- Finally click **Create** button to complete the creation of the monitor.
 
-![OpenSearch Monitor Create](../img/create-monitor-button.png)
+     ![OpenSearch Monitor Create](../img/create-monitor-button.png)
 
-- You can see the status of the monitor under **Alerting> Monitors> user-demo-404-error** as shown below.
+- You can see the status of the monitor under **Alerting > Monitors > user-demo-404-error** as shown below.
 
-![OpenSearch Monitor View](../img/monitor-view.png)
+     ![OpenSearch Monitor View](../img/monitor-view.png)
 
-#Test alert notification to Slack.
+## Test alert notification to Slack.
 
 - Demo application deployed and users get 404 errors many times (5 is the condition set before) as shown below.
 
-![OpenSearch User Request](../img/404-user-request.png)
+     ![OpenSearch User Request](../img/404-user-request.png)
 
 - We get the Slack notifications as shown below.
 
-![OpenSearch Slack Notify](../img/slack-notify.png)
+     ![OpenSearch Slack Notify](../img/slack-notify.png)
 
 - Users can view the alert status under the **Alerting** tab as shown below and accordingly take the required action.
 
-![OpenSearch Alert List](../img/alert-list.png)
+     ![OpenSearch Alert List](../img/alert-list.png)
 
 - Users can **acknowledge** the alerts under the **Alerting** tab as shown below.
 
-![OpenSearch Acknowledge Alert](../img/acknowledge-alert.png)
+     ![OpenSearch Acknowledge Alert](../img/acknowledge-alert.png)
 
 ## Alert state