Configuration

The Alerting plugin is configured through cluster settings under the plugins.alerting.* namespace. All settings can be updated dynamically via the cluster settings API.

Monitor Settings

| Setting | Type | Default | Description |
|---|---|---|---|
| plugins.alerting.monitor.max_monitors | Integer | 10 | Maximum number of monitors allowed per node. |
| plugins.alerting.monitor.max_triggers | Integer | 10 | Maximum number of triggers per monitor (hard max: 50). |
| plugins.alerting.monitor.doc_level_monitor_shard_fetch_size | Integer | 10000 | Number of documents fetched per shard for document-level monitors. |
| plugins.alerting.monitor.doc_level_monitor_fan_out_nodes | Integer | 1000 | Maximum number of nodes to fan out document-level monitor queries to. |
| plugins.alerting.monitor.doc_level_monitor_fanout_max_duration | TimeValue | 3m | Maximum duration for fan-out operations in document-level monitors. |
| plugins.alerting.monitor.doc_level_monitor_execution_max_duration | TimeValue | 4m | Maximum total execution duration for document-level monitors. |
| plugins.alerting.monitor.percolate_query_max_num_docs_in_memory | Integer | 50000 | Maximum number of documents held in memory for percolate queries. |
| plugins.alerting.monitor.percolate_query_docs_size_memory_percentage_limit | Integer | 10 | Maximum percentage of JVM heap used for percolate query documents. |
| plugins.alerting.monitor.doc_level_monitor_query_field_names_enabled | Boolean | true | Enable field name extraction for document-level monitor queries. |

Timeout Settings

| Setting | Type | Default | Description |
|---|---|---|---|
| plugins.alerting.input_timeout | TimeValue | 30s | Timeout for monitor input (query) execution. |
| plugins.alerting.index_timeout | TimeValue | 30s | Timeout for index operations (writing alerts, findings). |
| plugins.alerting.bulk_timeout | TimeValue | 30s | Timeout for bulk index operations. |
| plugins.alerting.request_timeout | TimeValue | 10s | Timeout for internal transport requests. |

Alert History Settings

| Setting | Type | Default | Description |
|---|---|---|---|
| plugins.alerting.alert_history_enabled | Boolean | true | Enable alert history storage. |
| plugins.alerting.alert_history_rollover_period | TimeValue | 1d | How often to roll over the alert history index. |
| plugins.alerting.alert_history_max_age | TimeValue | 30d | Maximum age of alert history indices before deletion. |
| plugins.alerting.alert_history_max_docs | Long | 1000000 | Maximum number of documents per alert history index. |
| plugins.alerting.alert_history_retention_period | TimeValue | 30d | Retention period for alert history data. |
| plugins.alerting.alert_backoff_millis | TimeValue | 50ms | Backoff interval between alert write retries. |
| plugins.alerting.alert_backoff_count | Integer | 3 | Number of retry attempts for failed alert writes. |
| plugins.alerting.max_actionable_alert_count | Long | 50 | Maximum number of alerts that can trigger actions in a single monitor execution. |

Finding History Settings

| Setting | Type | Default | Description |
|---|---|---|---|
| plugins.alerting.alert_finding_enabled | Boolean | true | Enable finding history storage. |
| plugins.alerting.alert_finding_rollover_period | TimeValue | 12h | How often to roll over the finding history index. |
| plugins.alerting.finding_history_max_age | TimeValue | 30d | Maximum age of finding history indices before deletion. |
| plugins.alerting.alert_findings_indexing_batch_size | Integer | 1000 | Batch size for bulk-indexing findings. |

Comment Settings

| Setting | Type | Default | Description |
|---|---|---|---|
| plugins.alerting.comments_enabled | Boolean | true | Enable the alert comments feature. |
| plugins.alerting.comments_history_max_docs | Long | 1000 | Maximum number of documents per comments history index. |
| plugins.alerting.comments_history_max_age | TimeValue | 30d | Maximum age of comments history indices before deletion. |
| plugins.alerting.comments_history_rollover_period | TimeValue | 12h | How often to roll over the comments history index. |
| plugins.alerting.max_comment_character_length | Integer | 2000 | Maximum character length for a single comment. |
| plugins.alerting.max_comments_per_alert | Integer | 500 | Maximum number of comments allowed per alert. |
| plugins.alerting.max_comments_per_notification | Integer | 3 | Maximum number of comments included in alert notification messages. |

General Settings

| Setting | Type | Default | Description |
|---|---|---|---|
| plugins.alerting.filter_by_backend_roles | Boolean | true | When enabled, users can only view monitors and alerts created by users who share the same backend role. |
| plugins.alerting.action_throttle_max_value | TimeValue | 24h | Maximum throttle duration for alert actions. |
| plugins.alerting.cross_cluster_monitoring_enabled | Boolean | true | Enable monitoring of indices on remote clusters via cross-cluster search. |

Updating Settings

All settings can be updated at runtime through the cluster settings API:

```bash
curl -sk -u admin:admin -X PUT \
  "https://localhost:9200/_cluster/settings" \
  -H 'Content-Type: application/json' \
  -d '{
    "persistent": {
      "plugins.alerting.monitor.max_monitors": 20,
      "plugins.alerting.alert_history_max_age": "60d"
    }
  }'
```
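
Because every setting can be changed at runtime, a pre-flight check on the request body is useful before it is sent. The following is an added example, not part of the Alerting plugin or its documentation: it validates a `_cluster/settings` body against the types and the trigger hard max listed in the tables above, and flags changes that relax role-based filtering or turn off alert or finding history. `SCHEMA` (a subset of the tables), `REVIEW_IF`, `check_update` and the time-value pattern are assumptions made for this example.

```python
import re

# Constructed subset of the tables on this page: setting -> documented type.
SCHEMA = {
    "plugins.alerting.monitor.max_monitors": "Integer",
    "plugins.alerting.monitor.max_triggers": "Integer",
    "plugins.alerting.alert_history_enabled": "Boolean",
    "plugins.alerting.alert_history_max_age": "TimeValue",
    "plugins.alerting.alert_finding_enabled": "Boolean",
    "plugins.alerting.filter_by_backend_roles": "Boolean",
}
# Values that widen who can see monitors/alerts or stop history being stored.
REVIEW_IF = {
    "plugins.alerting.filter_by_backend_roles": False,
    "plugins.alerting.alert_history_enabled": False,
    "plugins.alerting.alert_finding_enabled": False,
}
MAX_TRIGGERS_HARD_MAX = 50  # "hard max: 50" in the Monitor Settings table
# Assumption: a TimeValue is <integer><unit>, unit one of the usual suffixes.
TIME_VALUE = re.compile(r"^\d+(nanos|micros|ms|s|m|h|d)$")


def check_update(body):
    """Return (errors, review) for a _cluster/settings request body."""
    errors, review = [], []
    for scope in ("persistent", "transient"):
        for key, value in (body.get(scope) or {}).items():
            kind = SCHEMA.get(key)
            if kind is None:
                review.append(f"{key}: not in SCHEMA, check the name")
            elif value is None:
                continue  # null resets a setting to its default
            # Deliberately strict about JSON types (bool is not an integer).
            elif kind == "Integer" and type(value) is not int:
                errors.append(f"{key}: expected an integer")
            elif kind == "Boolean" and type(value) is not bool:
                errors.append(f"{key}: expected true/false")
            elif kind == "TimeValue" and not (
                    isinstance(value, str) and TIME_VALUE.match(value)):
                errors.append(f"{key}: expected a time value such as 30d")
            elif key.endswith("max_triggers") and value > MAX_TRIGGERS_HARD_MAX:
                errors.append(f"{key}: above hard max {MAX_TRIGGERS_HARD_MAX}")
            elif key in REVIEW_IF and value == REVIEW_IF[key]:
                review.append(f"{key}={value}: needs sign-off")
    return errors, review
```

Run it on the body of the `curl` request above and it returns no errors and nothing to review; a body that sets `plugins.alerting.filter_by_backend_roles` to `false` comes back in the review list.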