The Alerting plugin is configured through cluster settings under the plugins.alerting.* namespace. All settings can be updated dynamically via the cluster settings API.
| Setting | Type | Default | Description |
|---|---|---|---|
| plugins.alerting.monitor.max_monitors | Integer | 10 | Maximum number of monitors allowed per node. |
| plugins.alerting.monitor.max_triggers | Integer | 10 | Maximum number of triggers per monitor (hard max: 50). |
| plugins.alerting.monitor.doc_level_monitor_shard_fetch_size | Integer | 10000 | Number of documents fetched per shard for document-level monitors. |
| plugins.alerting.monitor.doc_level_monitor_fan_out_nodes | Integer | 1000 | Maximum number of nodes to fan out document-level monitor queries to. |
| plugins.alerting.monitor.doc_level_monitor_fanout_max_duration | TimeValue | 3m | Maximum duration for fan-out operations in document-level monitors. |
| plugins.alerting.monitor.doc_level_monitor_execution_max_duration | TimeValue | 4m | Maximum total execution duration for document-level monitors. |
| plugins.alerting.monitor.percolate_query_max_num_docs_in_memory | Integer | 50000 | Maximum number of documents held in memory for percolate queries. |
| plugins.alerting.monitor.percolate_query_docs_size_memory_percentage_limit | Integer | 10 | Maximum percentage of JVM heap used for percolate query documents. |
| plugins.alerting.monitor.doc_level_monitor_query_field_names_enabled | Boolean | true | Enable field name extraction for document-level monitor queries. |

| Setting | Type | Default | Description |
|---|---|---|---|
| plugins.alerting.input_timeout | TimeValue | 30s | Timeout for monitor input (query) execution. |
| plugins.alerting.index_timeout | TimeValue | 30s | Timeout for index operations (writing alerts, findings). |
| plugins.alerting.bulk_timeout | TimeValue | 30s | Timeout for bulk index operations. |
| plugins.alerting.request_timeout | TimeValue | 10s | Timeout for internal transport requests. |

| Setting | Type | Default | Description |
|---|---|---|---|
| plugins.alerting.alert_history_enabled | Boolean | true | Enable alert history storage. |
| plugins.alerting.alert_history_rollover_period | TimeValue | 1d | How often to roll over the alert history index. |
| plugins.alerting.alert_history_max_age | TimeValue | 30d | Maximum age of alert history indices before deletion. |
| plugins.alerting.alert_history_max_docs | Long | 1000000 | Maximum number of documents per alert history index. |
| plugins.alerting.alert_history_retention_period | TimeValue | 30d | Retention period for alert history data. |
| plugins.alerting.alert_backoff_millis | TimeValue | 50ms | Backoff interval between alert write retries. |
| plugins.alerting.alert_backoff_count | Integer | 3 | Number of retry attempts for failed alert writes. |
| plugins.alerting.max_actionable_alert_count | Long | 50 | Maximum number of alerts that can trigger actions in a single monitor execution. |

| Setting | Type | Default | Description |
|---|---|---|---|
| plugins.alerting.alert_finding_enabled | Boolean | true | Enable finding history storage. |
| plugins.alerting.alert_finding_rollover_period | TimeValue | 12h | How often to roll over the finding history index. |
| plugins.alerting.finding_history_max_age | TimeValue | 30d | Maximum age of finding history indices before deletion. |
| plugins.alerting.alert_findings_indexing_batch_size | Integer | 1000 | Batch size for bulk-indexing findings. |

| Setting | Type | Default | Description |
|---|---|---|---|
| plugins.alerting.comments_enabled | Boolean | true | Enable the alert comments feature. |
| plugins.alerting.comments_history_max_docs | Long | 1000 | Maximum number of documents per comments history index. |
| plugins.alerting.comments_history_max_age | TimeValue | 30d | Maximum age of comments history indices before deletion. |
| plugins.alerting.comments_history_rollover_period | TimeValue | 12h | How often to roll over the comments history index. |
| plugins.alerting.max_comment_character_length | Integer | 2000 | Maximum character length for a single comment. |
| plugins.alerting.max_comments_per_alert | Integer | 500 | Maximum number of comments allowed per alert. |
| plugins.alerting.max_comments_per_notification | Integer | 3 | Maximum number of comments included in alert notification messages. |

| Setting | Type | Default | Description |
|---|---|---|---|
| plugins.alerting.filter_by_backend_roles | Boolean | true | When enabled, users can only view monitors and alerts created by users who share the same backend role. |
| plugins.alerting.action_throttle_max_value | TimeValue | 24h | Maximum throttle duration for alert actions. |
| plugins.alerting.cross_cluster_monitoring_enabled | Boolean | true | Enable monitoring of indices on remote clusters via cross-cluster search. |

All settings can be updated at runtime through the cluster settings API:
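```bash
# -k skips TLS certificate verification and admin:admin is an example login;
# both suit a local test cluster only.
curl -sk -u admin:admin -X PUT \
  "https://localhost:9200/_cluster/settings" \
  -H 'Content-Type: application/json' \
  -d '{
    "persistent": {
      "plugins.alerting.monitor.max_monitors": 20,
      "plugins.alerting.alert_history_max_age": "60d"
    }
  }'
```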
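
Because every setting above can be changed at runtime, it is worth checking what is actually in effect. The following is an added example, not part of the original documentation: it audits the access-control and history settings from the tables above. It assumes the input is the JSON returned by `GET _cluster/settings?flat_settings=true&include_defaults=true`, and it applies an assumed policy that retention is never shorter than the documented default; the function names and the sample response are constructed for illustration.

```python
import re

MUST_BE_TRUE = {  # setting -> what is lost when it is turned off
    "plugins.alerting.filter_by_backend_roles": "backend-role visibility filter is off",
    "plugins.alerting.alert_history_enabled": "alert history is not stored",
    "plugins.alerting.alert_finding_enabled": "finding history is not stored",
}
MIN_RETENTION = {  # assumed policy: never shorter than the documented default
    "plugins.alerting.alert_history_max_age": "30d",
    "plugins.alerting.alert_history_retention_period": "30d",
    "plugins.alerting.finding_history_max_age": "30d",
}
UNIT_MS = {"ms": 1, "s": 1000, "m": 60_000, "h": 3_600_000, "d": 86_400_000}

def to_millis(value):
    """Parse a TimeValue such as '50ms', '3m' or '30d' into milliseconds."""
    m = re.fullmatch(r"(\d+)(ms|s|m|h|d)", str(value).strip().lower())
    if not m:
        raise ValueError(f"unsupported TimeValue: {value!r}")
    return int(m.group(1)) * UNIT_MS[m.group(2)]

def effective(resp):
    """Merge defaults < persistent < transient (transient takes precedence)."""
    merged = {k: "true" for k in MUST_BE_TRUE} | MIN_RETENTION
    for layer in ("defaults", "persistent", "transient"):
        for key, val in resp.get(layer, {}).items():
            if key in merged:
                merged[key] = str(val).lower()
    return merged

def audit(resp):
    """Return (setting, effective value, reason) for every deviation found."""
    eff, findings = effective(resp), []
    for key, reason in MUST_BE_TRUE.items():
        if eff[key] != "true":
            findings.append((key, eff[key], reason))
    for key, floor in MIN_RETENTION.items():
        if to_millis(eff[key]) < to_millis(floor):
            findings.append((key, eff[key], f"retention below {floor}"))
    return findings

# Constructed sample response, not captured from a real cluster.
SAMPLE = {
    "persistent": {"plugins.alerting.alert_history_max_age": "60d",
                   "plugins.alerting.filter_by_backend_roles": "false"},
    "transient": {"plugins.alerting.finding_history_max_age": "12h"},
    "defaults": {"plugins.alerting.alert_history_enabled": "true"},
}
```

Calling `audit(SAMPLE)` reports the disabled backend-role filter and the 12h finding retention, while the 60d alert history age passes.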