How do I disable the .opendistro-alerting-alert-history index alerts in my Amazon Elasticsearch Service cluster?

Last updated: 2020-08-27

There are .opendistro-alerting-alert-history indices being created in my Amazon Elasticsearch Service (Amazon ES) cluster. Why is this happening and how do I disable the opendistro-alerting-alert-history index alerts?


Amazon ES Alerting feature

The .opendistro-alerting-alert-history indices are created when the alerting feature is enabled in Amazon ES. The alerting feature notifies users when the search criteria are met for the documents in the indices.

The monitoring configurations are stored in the .opendistro-alerting-config index, while daily alerts are stored in the .opendistro-alerting-alerts index. The .opendistro-alerting-alerts index then gets rolled over daily to an Amazon ES Alerting history index like .opendistro-alerting-alert-history-<date>. The .opendistro-alerting-alert-history-<date> index then begins to populate as soon as the monitor is created and the search criteria are met.

For more information about the alerting feature, see Alerting on the Open Distro website.

Disabling the daily creation of indices

Note: Amazon ES doesn't allow users to change the frequency of the Alerting history indices.

If you aren't using the monitoring feature and would like to disable the daily creation of these indices, perform the following steps:

1.    Go to the Kibana Alerting tab.

2.    Delete any monitors.

3.    Delete all the alerts for the .opendistro-alerting-alert-history indices:

DELETE /.opendistro-alerting-alert-history-*

4.    Use the following query to disable the Alerting plugin:

PUT /_cluster/settings
{
  "persistent": {
    "opendistro.scheduled_jobs.enabled": "false"
  }
}

This query deletes all the schedules for Alerting monitoring jobs, ensuring that daily indices are not created.

Removing old opendistro-alerting-alert-history indices while monitoring data

You can remove older Alerting history indices while using the monitoring feature. It doesn't affect your monitor configuration.

Note: If you delete the history index for a specific day, it removes the alert history only for that day.
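One way to select only the history indices that are past a retention window, as an added example that is not part of the original article: it parses the JSON returned by GET _cat/indices/.opendistro-alerting-alert-history-*?h=index,creation.date&format=json and produces the matching DELETE lines for the Kibana console. The retention values, the function names, and the sample index names (including the date suffix format) are constructed assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Only indices with this prefix are eligible; the -config and -alerts
# indices hold live monitor state and must never be selected.
HISTORY_PREFIX = ".opendistro-alerting-alert-history-"

# Constructed sample of the _cat/indices JSON output (creation.date is epoch ms).
SAMPLE_CAT_OUTPUT = json.dumps([
    {"index": ".opendistro-alerting-config", "creation.date": "1593561600000"},
    {"index": ".opendistro-alerting-alerts", "creation.date": "1598486400000"},
    {"index": ".opendistro-alerting-alert-history-2020.07.01-1",
     "creation.date": "1593561600000"},   # 2020-07-01 UTC
    {"index": ".opendistro-alerting-alert-history-2020.08.20-1",
     "creation.date": "1597881600000"},   # 2020-08-20 UTC
    {"index": ".opendistro-alerting-alert-history-2020.08.27-1",
     "creation.date": "1598486400000"},   # 2020-08-27 UTC
])


def expired_history_indices(cat_json, now, retention_days):
    """Return history index names created before now - retention_days."""
    cutoff = now - timedelta(days=retention_days)
    expired = []
    for row in json.loads(cat_json):
        name = row.get("index", "")
        if not name.startswith(HISTORY_PREFIX):
            continue  # skip config/alerts and anything unrelated
        created = datetime.fromtimestamp(
            int(row["creation.date"]) / 1000, tz=timezone.utc)
        if created < cutoff:
            expired.append(name)
    return sorted(expired)


def delete_requests(names):
    """Render one Kibana console DELETE line per index (no wildcards)."""
    return [f"DELETE /{name}" for name in names]


if __name__ == "__main__":
    now = datetime(2020, 8, 27, 12, 0, tzinfo=timezone.utc)
    for line in delete_requests(
            expired_history_indices(SAMPLE_CAT_OUTPUT, now, 30)):
        print(line)
```

Selecting by creation.date rather than by parsing the index name keeps the check independent of the date suffix format, and deleting by exact name avoids a wildcard removing history you still need for investigations.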

