OpenSearch Alerting monitors

Log Management stacks can use two alerting paths:

• ElastAlert 2 rules (YAML) — configured under Alerting & Notifications in the Logit.io dashboard. This is the primary, YAML-based workflow described in Create a rule and Rule types.
• OpenSearch Alerting — monitors created inside Launch Logs (OpenSearch Dashboards). This guide covers that UI workflow.

Prerequisites

You need a Logit.io account. You can sign up for a free trial. If your Logs stack is not yet receiving data, complete your ingestion setup first.

Step 1 — Create a monitor

1. Sign in to Logit.io.
2. From your dashboard choose Launch Logs to open OpenSearch Dashboards.
3. In the left menu, open Alerting under OpenSearch Plugins.
4. Choose Create monitor.

Monitor details

1. Monitor name — use a clear name.
2. Monitor type — choose Per query monitor to track a search query.
3. Defining method — Visual editor is the simplest starting point.
4. Schedule — set Run every (for example, every 5 minutes).

Step 2 — Data source

1. Index — enter the index or pattern that holds your data (for example filebeat-*).
2. Time field — usually @timestamp.

Step 3 — Query / filter

1. In the Query section, add filters that define which documents should be evaluated (for example, a value in the message field).
2. Expand the preview to confirm matches look correct.

Step 4 — Trigger

1. Add a trigger with a name and condition (for example, count IS ABOVE 0 for a simple “any match” test).

Step 5 — Notification action

1. Choose Add action.
2. Open Manage Channels to configure Slack, email, custom webhooks, or other channel types, then select the channel for this action.
3. Use Send test message to verify delivery.

Choose Create to save the monitor, trigger, and actions.

Monitor and troubleshoot

Use the monitor dashboard to review execution history and open alerts.

Alerts appear on the timeline when they fire.

The Alerts tab lists active alerts.