How do I disable the .opendistro-alerting-alert-history index alerts in my Amazon OpenSearch Service cluster?

Last updated: 2021-07-30

When you enable the alerting feature in OpenSearch Service, the .opendistro-alerting-alert-history indices are created (along with an alias). The alerting feature notifies users when the search criteria is met for the documents in the indices.

The monitoring configurations are stored in the .opendistro-alerting-config index, while daily alerts are stored in the .opendistro-alerting-alerts index. The .opendistro-alerting-alerts index then is rolled over daily to an Alerting history index. The .opendistro-alerting-alert-history-<date> index begins to populate as soon as the monitor is created and the search criteria is met.

Note: To delete or modify the content of any indices, use the alerting APIs. For more information about the alerting feature, see Alerting and Alerting indices on the Open Distro website.

To disable the creation of the .opendistro-alerting-alert-history-<date> indices, perform the following steps:

1.    Go to the OpenSearch Dashboards Alerting tab.

2.    Delete any monitors.

3.    Delete all the alerts for the .opendistro-alerting-alert-history indices:

4.    Disable the creation of the Alerting history:

You can remove older Alerting history indices while using the monitoring feature. Your monitor configuration will not be impacted.

Note: If you delete the history index for a specific day, only the Alerting history for that day is removed.