How do I turn off the .opendistro-alerting-alert-history index alerts in my Amazon OpenSearch Service cluster?

Last updated: 2021-10-21

There are .opendistro-alerting-alert-history indices being created in my Amazon OpenSearch Service cluster. Why is this happening and how do I turn off the .opendistro-alerting-alert-history index alerts?

Resolution

OpenSearch Service Alerting feature

When you turn on the alerting feature in OpenSearch Service, the .opendistro-alerting-alert-history indices are created along with an alias. The alerting feature notifies users when the search criteria is met for the documents in the indices.

The monitoring configurations are stored in the .opendistro-alerting-config index, while daily alerts are stored in the .opendistro-alerting-alerts index. The .opendistro-alerting-alerts index then is rolled over daily to an Alerting history index. The .opendistro-alerting-alert-history- indices begin to populate as soon as the monitor is created and the search criteria is met.

Note: To delete or modify the content of any indices, use the alerting APIs. For more information about the alerting feature, see Alerting API and Alerting indices on the Open Distro website.

Turn off the daily creation of indices

To turn off the creation of the .opendistro-alerting-alert-history- indices, perform the following steps:

1.    Go to the OpenSearch Dashboards Alerting tab.

2.    Delete any monitors.

3.    Delete all the alerts for the .opendistro-alerting-alert-history indices:

DELETE /.opendistro-alerting-alert-history-*

4.    Turn off the creation of the Alerting history:

PUT _cluster/settings
{
     "persistent": {
          "opendistro.alerting.alert_history_enabled":"false"
     }
}

Removing old .opendistro-alerting-alert-history indices while monitoring data

You can remove older Alerting history indices while using the monitoring feature. Your monitor configuration will not be impacted.

Note: If you delete the history index for a specific day, only the Alerting history for that day is removed.


Did this article help?


Do you need billing or technical support?