chaossearch_monitor Resource
Define a Search Analytics monitor using Terraform
The chaossearch_monitor resource defines a Search Analytics monitor that can watch for specific events or conditions, and send an alert or notification when the condition or event is detected. Monitors can be defined by a visual graph or by an extraction query. You must also create one or more destinations to specify the locations where the notifications are sent when the alert is triggered.
It can be helpful to create a monitor using the Search Analytics > Alerts UI and then export the monitor as a JSON file to see the format and options for the resource fields. For more information about monitors and fields, see Alert Monitors.
Monitors require user_name/password authentication.
When you define monitor resources in your Terraform files, you must specify a username/password login pair because API key authentication is not supported for monitors. If you specify only an API key and secret combination, the chaossearch_monitor resource fails and displays the error:
Error: Failed to authenticate => API Keys used with incompatible resource
Example Usage
The structure of a monitor resource that uses a query extraction as a trigger follows:
resource "chaossearch_monitor" "monitor" {
name = "tf-monitor-name"
type = "monitor"
enabled = true
schedule {
period {
interval = 1
unit = "MINUTES"
}
}
inputs {
search {
indices = ["example-view-name"]
query = jsonencode({
"size": 0,
"aggregations": {
"when": {
"avg": {
"field": "Magnitude"
},
"meta": null
}
},
"query": {
"bool": {
"filter": [
{
"range": {
"Period": {
"gte": "{{period_end}}||-1h",
"lte": "{{period_end}}",
"format": "epoch_millis"
}
}
}
]
}
}
})
}
}
triggers {
name = "tf-provider-trigger"
severity = "1"
condition {
script {
lang = "painless"
source = "ctx.results[0].hits.total.value > 1000"
}
}
actions {
name = "tf-provider-action"
destination_id = "WyJkZXN0IiwienotdGYtcHJvdmlkZXItZGVzdC1jdXN0b20td2ViaG9vayJd"
subject_template {
lang = "mustache"
source = "Monitor {{ctx.monitor.name}} Triggered"
}
message_template {
lang = "mustache"
source = "Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue.\n- Trigger: {{ctx.trigger.name}}\n- Severity: {{ctx.trigger.severity}}\n- Period start: {{ctx.periodStart}}\n- Period end: {{ctx.periodEnd}}"
}
throttle_enabled = true
throttle {
value = 10
unit = "MIN"
}
}
}
}
NOTE
Multiple trigger blocks and action blocks can be defined in one resource. All fields are required except for
throttle_enabledandthrottle.
Argument Reference
| Field | Required | Description | |||
|---|---|---|---|---|---|
name | Yes | The name of the monitor | |||
type | Yes | Specify monitor. | |||
enabled | Yes | Specifies true or false to indicate whether the monitor is enabled. | |||
schedule | Yes | Specifies how frequently to run the monitor. | |||
period | Yes | A container to specify the schedule information | |||
interval | Yes | Specifies the number of the schedule interval, such as 1, 2, 3, and so on. | |||
unit | Yes | Specifies the units of the schedule interval, such as HOURS, MINUTES, DAYS. | |||
inputs | Yes | A container to specify the monitor definition | |||
search | Yes | A container to specify the extraction query | |||
indices | Yes | Specify one or more Refinery views to use as the indexes for the extraction query or visualization. | |||
query | Yes | A container specified as a jsonencode value that contains the monitor definition's JSON fields. Example:query = jsonencode({ "query": { "match": { "sent_bytes": { "query": 100000 } } } })To see examples of different query statements, you can export a monitor definition from the UI in JSON format. | |||
triggers | Yes | A container for the trigger definition(s) | |||
name | Yes | The name of the trigger for the associated monitor | |||
severity | Yes | Specifies the severity level for the triggered condition where 1 is the highest severity and 5 is the lowest. | |||
condition | Yes | For an extraction query monitor, you specify an extraction query response, a trigger condition, and a trigger condition response, where you can specify and tune the trigger criteria. For a visual query monitor, select the threshold to use for the trigger. You can choose options such as IS ABOVE, IS BELOW, or IS EXACTLY, and the value to use as the threshold. When the trigger condition is true, the trigger is activated. | |||
script | Yes | A container that defines the trigger condition for an extraction query monitor. | |||
lang | Yes | Specifies the language used for the script of the trigger condition. For example: painless | |||
source | Yes | Specifies the trigger condition. | |||
actions | Yes | A container that defines the action to take when the monitor is triggered. | |||
name | Yes | The name of the action being defined | |||
destination_id | Yes | The internal ID (not a name) of the destination to which to send the alert notification. The destination must be created before you define this monitor/trigger. | |||
subject_template | Yes | A container that specifies the subject of the notification | |||
lang | Yes | Specifies the language used for the script of the subject statement. For example, specify mustache to use mustache Web templates. | |||
source | Yes | Specify the message subject string, with or without mustache Web templates. | |||
message_template | Yes | A container that specifies the message body of the notification | |||
lang | Yes | Specifies the scripting language used for the message body. For example: mustache | |||
source | Yes | Specify the message body content, with or without mustache Web templates. | |||
throttle_enabled | No | Specifies whether you want to limit the number of notifications you receive within a given time frame. | |||
throttle | No | A container to specify the throttle rules | |||
value | No | Specify the throttle timeframe of 1 to 1440 minutes. If a monitor checks a trigger condition every minute, you could receive one notification per minute. If you set throttling to 60 minutes, you receive no more than one notification per hour, even if the trigger condition is met throughout that hour. | |||
unit | No | Specify the throttle temporal units such as MIN |
Updated over 1 year ago