Can't create a monitor with type "Per document"

[Anton Khokhlov]

When i creating a monitor with type "Per document" the error is occured:
" Failed to get write index for queryIndex alias:.opensearch-alerting-queries  "

1. How can i correctly restore the system indice of OpenSearch named .opensearch-alerting-queries?

2. And...I always catch the timeout when add at least one query to the monitor with type "Per document" demonstrated on the attached screenshot. How can I solve this problem?

[RusFM]

I'd like to add that on our single node system, that Wazuh has created numerous .opensearch-alerting-queries shards.

We deleted some initially, and tried to implement an ISM solution like here:  https://groups.google.com/g/wazuh/c/tgaabFMiAL8

But the shards keep getting created.  This is causing issues with monitors and alerting.

[Md. Nazmur Sakib]

Hi Anton Khokhlov

I have tried to configure it with per document monitor as well and it is working for me.  I am sharing some screenshots of my configuration for reference.

Just to let you know per document monitor runs a query to individual documents that matches the alert with that query. If your intention is not to find the document ID, you can use other monitors like per query monitor.

I sharing some documents on this topic. Please go through them to understand the topic better and get help with configuration.

https://opensearch.org/docs/2.8/observing-your-data/alerting/index/

https://opensearch.org/docs/2.8/observing-your-data/alerting/monitors/#per-document-monitors

The Alerting is a plugin from OpenSearch. I will also suggest you query on OpenSearch Community on this to get better assistance.

https://forum.opensearch.org/

I hope you find this information helpful.