chaossearch_monitor Resource

Define a Search Analytics monitor using Terraform

The chaossearch_monitor resource defines a Search Analytics monitor that can watch for specific events or conditions, and send an alert or notification when the condition or event is detected. Monitors can be defined by a visual graph or by an extraction query. You must also create one or more destinations to specify the locations where the notifications are sent when the alert is triggered.

It can be helpful to create a monitor using the Search Analytics > Alerts UI and then export the monitor as a JSON file to see the format and options for the resource fields. For more information about monitors and fields, see Alert Monitors.

📘
Monitors require user_name/password authentication.
When you define monitor resources in your Terraform files, you must specify a username/password login pair because API key authentication is not supported for monitors. If you specify only an API key and secret combination, the chaossearch_monitor resource fails and displays the error:
Error: Failed to authenticate => API Keys used with incompatible resource

Example Usage

The structure of a monitor resource that uses a query extraction as a trigger follows:

resource "chaossearch_monitor" "monitor" {
  name = "tf-monitor-name"
  type = "monitor"
  enabled = true
  schedule {
    period {
      interval = 1
      unit = "MINUTES"
    }
  }
  inputs {
    search {
      indices = ["example-view-name"]
      query = jsonencode({
        "size": 0,
        "aggregations": {
            "when": {
                "avg": {
                    "field": "Magnitude"
                },
                "meta": null
            }
        },
        "query": {
            "bool": {
                "filter": [
                    {
                        "range": {
                            "Period": {
                                "gte": "{{period_end}}||-1h",
                                "lte": "{{period_end}}",
                                "format": "epoch_millis"
                            }
                        }
                    }
                ]
            }
        }
      })
    }
  }
  triggers {
    name = "tf-provider-trigger"
    severity = "1"
    condition {
      script {
        lang = "painless"
        source = "ctx.results[0].hits.total.value > 1000"
      }
    }
    actions {
      name = "tf-provider-action"
      destination_id = "WyJkZXN0IiwienotdGYtcHJvdmlkZXItZGVzdC1jdXN0b20td2ViaG9vayJd"
      subject_template {
        lang = "mustache"
        source = "Monitor {{ctx.monitor.name}} Triggered"
      }
      message_template {
        lang = "mustache"
        source = "Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue.\n- Trigger: {{ctx.trigger.name}}\n- Severity: {{ctx.trigger.severity}}\n- Period start: {{ctx.periodStart}}\n- Period end: {{ctx.periodEnd}}"
      }
      throttle_enabled = true
      throttle {
        value = 10
        unit = "MIN"
      }
    }
  }
}

📘
NOTE
Multiple trigger blocks and action blocks can be defined in one resource. All fields are required except for throttle_enabled and throttle.

Argument Reference

Field				Required	Description
`name`				Yes	The name of the monitor
`type`				Yes	Specify `monitor`.
`enabled`				Yes	Specifies `true` or `false` to indicate whether the monitor is enabled.
`schedule`				Yes	Specifies how frequently to run the monitor.
	`period`			Yes	A container to specify the schedule information
		`interval`		Yes	Specifies the number of the schedule interval, such as `1`, `2`, `3`, and so on.
		`unit`		Yes	Specifies the units of the schedule interval, such as `HOURS`, `MINUTES`, `DAYS`.
`inputs`				Yes	A container to specify the monitor definition
	`search`			Yes	A container to specify the extraction query
		`indices`		Yes	Specify one or more Refinery views to use as the indexes for the extraction query or visualization.
		`query`		Yes	A container specified as a `jsonencode` value that contains the monitor definition's JSON fields. Example:\ `query = jsonencode({ "query": { "match": { "sent_bytes": { "query": 100000 } } } })` To see examples of different `query` statements, you can export a monitor definition from the UI in JSON format.
`triggers`				Yes	A container for the trigger definition(s)
	`name`			Yes	The name of the trigger for the associated monitor
	`severity`			Yes	Specifies the severity level for the triggered condition where `1` is the highest severity and `5` is the lowest.
	`condition`			Yes	For an extraction query monitor, you specify an extraction query response, a trigger condition, and a trigger condition response, where you can specify and tune the trigger criteria. For a visual query monitor, select the threshold to use for the trigger. You can choose options such as `IS ABOVE`, `IS BELOW`, or `IS EXACTLY`, and the value to use as the threshold. When the trigger condition is true, the trigger is activated.
		`script`		Yes	A container that defines the trigger condition for an extraction query monitor.
			`lang`	Yes	Specifies the language used for the script of the trigger condition. For example: `painless`
			`source`	Yes	Specifies the trigger condition.
	`actions`			Yes	A container that defines the action to take when the monitor is triggered.
		`name`		Yes	The name of the action being defined
		`destination_id`		Yes	The internal ID (not a name) of the destination to which to send the alert notification. The destination must be created before you define this monitor/trigger.
		`subject_template`		Yes	A container that specifies the subject of the notification
			`lang`	Yes	Specifies the language used for the script of the subject statement. For example, specify mustache to use mustache Web templates.
			`source`	Yes	Specify the message subject string, with or without mustache Web templates.
		`message_template`		Yes	A container that specifies the message body of the notification
			`lang`	Yes	Specifies the scripting language used for the message body. For example: `mustache`
			`source`	Yes	Specify the message body content, with or without mustache Web templates.
		`throttle_enabled`		No	Specifies whether you want to limit the number of notifications you receive within a given time frame.
		`throttle`		No	A container to specify the throttle rules
			`value`	No	Specify the throttle timeframe of 1 to 1440 minutes. If a monitor checks a trigger condition every minute, you could receive one notification per minute. If you set throttling to 60 minutes, you receive no more than one notification per hour, even if the trigger condition is met throughout that hour.
			`unit`	No	Specify the throttle temporal units such as MIN

Updated 14 days ago

chaossearch_monitor Resource

📘
Monitors require user_name/password authentication.

Example Usage

📘
NOTE

Argument Reference

📘Monitors require user_name/password authentication.

Example Usage

📘NOTE

Argument Reference

📘
Monitors require user_name/password authentication.

📘
NOTE