Implement alerts in Amazon OpenSearch Service with PagerDuty



In today's fast-paced digital world, businesses rely heavily on their data to make informed decisions. This data is often stored and analyzed using various tools, such as Amazon OpenSearch Service, a powerful search and analytics service offered by AWS. OpenSearch Service provides real-time insights into your data to support use cases like interactive log analytics, real-time application monitoring, website search, and more. Analyzing logs can help businesses quickly identify and troubleshoot issues.

However, with the increasing amount of data, it can be challenging to monitor everything manually. Manual monitoring consumes a lot of resources and is hard to maintain as the application landscape changes. We need a sustainable and automated approach to monitor critical applications and infrastructure.

With automated alerting through a third-party service like PagerDuty, an incident management platform, combined with the robust and powerful alerting plugin provided by OpenSearch Service, businesses can proactively manage and respond to critical events. You can use this proactive alerting to monitor data patterns for existing data, monitor clusters, detect patterns, and more.

OpenSearch Dashboard provides an alerting plugin that you can use to set up various types of monitors and alerts. You can use the plugin to set up different monitors, including cluster health, an individual document, a custom query, or aggregated data. These monitors can be used to send alerts to users.

In this post, we demonstrate how to implement PagerDuty as the notification mechanism to get notified based on cluster health status. These notifications can be delivered via various channels, including email, SMS, or custom webhooks (like PagerDuty). The OpenSearch Service alerting plugin supports complex alert rules and provides a user interface to manage them.

Solution overview

PagerDuty is a cloud-based incident management platform that helps businesses handle their alerts and incidents in real time. PagerDuty works by consolidating alerts from various monitoring tools and routing them to the right team member, ensuring that issues are addressed promptly. Many businesses are using PagerDuty for real-time incident notifications via multiple channels, ensuring that the right team members are alerted quickly.

In this post, we describe how to set up PagerDuty and integrate it with an OpenSearch Service custom webhook for alert notifications when a threshold is met.

The following diagram illustrates OpenSearch Service running within an Amazon VPC using monitors and triggers to send a notification to the PagerDuty service using an Events API custom webhook.

We need to set up a service and integration on PagerDuty to begin receiving incident notifications from OpenSearch Service. A service in PagerDuty represents an application, component, or team that we can trigger the notification against.


Before you get started, create the following resources, if not already available:

Create a service on PagerDuty

To create a service on PagerDuty, complete the following steps:

  1. Log in to PagerDuty using your personal or enterprise account that is being used to enable the integration with OpenSearch Service.
  2. On the Services tab, choose New Service.
  3. Enter a name and optional description, then choose Next.

In the next step, we create or assign an escalation policy for the service. An escalation policy represents the order of responsibility for reacting to the issues detected on a service.

  4. If you already have an escalation policy defined within the organization or team, select Select an existing Escalation Policy and specify your policy. Otherwise, select Generate a new Escalation Policy, then choose Next.

In the next step, we can group the alerts based on time or content:

    • To group alerts together based on the alert content, select Content-Based grouping.
    • To group them based on a specific time duration, select Time-Based grouping.
    • Selecting the Intelligent grouping option will group the alerts intelligently based on content or time.
  5. Leave the defaults and choose Next.
  6. On the Integrations page, select the Events API V2 integration (this will be used for integration with OpenSearch Service) and choose Create Service.

If you don't select the integration during this step, you can add it later.

  7. Take note of the integration key on the Integrations tab.

Create a notification channel on OpenSearch Service with a custom webhook

Custom webhooks provide the ability to send these notifications to third-party services like PagerDuty using a REST API. After we configure the notification channel, we can use it for other monitors beyond this use case and to detect data patterns that are stored within the cluster.

Complete the following steps to configure the notification channel:

  1. On the OpenSearch Dashboards page, choose Notifications under Amazon OpenSearch Plugins in the navigation pane.
  2. On the Channels tab, choose Create channel.
  3. Enter a name for the channel and an optional description.
  4. For Channel type, choose Custom webhook.
  5. For Method, choose POST.
  6. For Define endpoints by, select Custom attributes URL.
  7. For Host, enter
  8. For Path, enter v2/enqueue.
  9. Under Webhook headers, choose Add header.
  10. Enter X-Routing-Key as the key and the integration key you obtained earlier as the value.
  11. Choose Create and ensure the channel is successfully created.

Configure OpenSearch Service alerts to send notifications to PagerDuty

We can monitor OpenSearch cluster health in two different ways:

  • Using the OpenSearch Dashboard alerting plugin by setting up a per cluster metrics monitor. This provides a query to retrieve metrics related to the cluster health.
  • Integrating with Amazon CloudWatch, a monitoring and observability service.

In this use case, we use the alerting plugin. Complete the following steps:

  1. On the OpenSearch Dashboards page, choose Alerting under Amazon OpenSearch Plugins in the navigation pane.
  2. On the Monitors tab, choose Create monitor.
  3. For Monitor name, enter a name (for example, Monitor Cluster Health).
  4. For Monitor type, select Per cluster metrics monitor.
  5. Under Schedule, configure the monitor to run every minute.
  6. In the Query section, for Request type, choose Cluster health.
  7. Choose Preview query.
  8. Create a trigger by choosing Add trigger.
  9. For Trigger name, enter a name (for example, Cluster Health Status is Red).
  10. Leave Severity level at 1 (Highest).
  11. Under Trigger condition, delete the default code and enter the following:
ctx.results[0].status == "red"

  12. Choose Preview condition response to confirm that Trigger condition response shows as false, indicating that the cluster is healthy.
  13. Under Actions, choose Add action.
  14. For Action name, enter a name (for example, Send a PagerDuty notification).
  15. For Channels, choose the channel you created earlier.
  16. For Message, enter the following code:
{ "event_action": "trigger",
  "payload": {
    "summary": "{{ctx.trigger.name}}",
    "source": "{{ctx.monitor.name}}",
    "severity": "critical",
    "custom_details": {
      "-Severity": "{{ctx.trigger.severity}}",
      "-Period start": "{{ctx.periodStart}}",
      "-Period end": "{{ctx.periodEnd}}"
    }
  }
}

Note that other than the custom_details section in the code, the rest of the fields are mandatory for PagerDuty.

  17. Choose Send test message and test to make sure you receive an alert on the PagerDuty service.
  18. Choose Create and ensure the monitor was created successfully.

A notification will be sent to the PagerDuty service as part of the test, which will trigger a notification via a phone call or text message for the person who is available based on the escalation policy defined earlier. This notification can be safely acknowledged and resolved from PagerDuty because this was a test.
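
The following Python example is added here and is not part of the original post. It evaluates the trigger condition against a constructed cluster health result, fills the action message with constructed sample values, and checks the result for the fields the post names as mandatory. The render function is a hypothetical stand-in for the plugin's template rendering, and the allowed event_action and severity values are those of the PagerDuty Events API v2.

```python
import json
import re
# Action message from the post, including the optional custom_details block.
TEMPLATE = """{ "event_action": "trigger",
  "payload": {
    "summary": "{{ctx.trigger.name}}",
    "source": "{{ctx.monitor.name}}",
    "severity": "critical",
    "custom_details": {
      "-Severity": "{{ctx.trigger.severity}}",
      "-Period start": "{{ctx.periodStart}}",
      "-Period end": "{{ctx.periodEnd}}" } } }"""
# Constructed sample values standing in for what the monitor supplies at run time.
SAMPLE_CTX = {
    "ctx.trigger.name": "Cluster Health Status is Red",
    "ctx.monitor.name": "Monitor Cluster Health",
    "ctx.trigger.severity": "1",
    "ctx.periodStart": "2023-01-01T00:00:00Z",
    "ctx.periodEnd": "2023-01-01T00:01:00Z",
}
SEVERITIES = {"critical", "error", "warning", "info"}
ACTIONS = {"trigger", "acknowledge", "resolve"}

def trigger_fires(results):
    """Python equivalent of the trigger condition ctx.results[0].status == "red"."""
    return results[0]["status"] == "red"

def render(template, ctx):
    """Hypothetical stand-in for the plugin's template rendering: plain substitution."""
    return re.sub(r"\{\{\s*(.*?)\s*\}\}", lambda m: str(ctx[m.group(1)]), template)

def validate_event(body):
    """Return a list of problems; an empty list means the event is well formed."""
    try:
        event = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    problems = []
    if event.get("event_action") not in ACTIONS:
        problems.append("event_action must be trigger, acknowledge or resolve")
    payload = event.get("payload")
    if not isinstance(payload, dict):
        return problems + ["payload object is required"]
    for field in ("summary", "source"):
        if not str(payload.get(field, "")).strip():
            problems.append(f"payload.{field} is required")
    if payload.get("severity") not in SEVERITIES:
        problems.append("payload.severity must be critical, error, warning or info")
    return problems
```

Running validate_event on the rendered message before pasting it into the Message field catches an unbalanced brace or a dropped mandatory field without paging anyone.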

Clean up

To clean up the infrastructure and avoid additional charges, complete the following steps:

  1. Delete the PagerDuty service.
  2. Delete the OpenSearch Service domain that was created as part of the prerequisites.


The integration of OpenSearch Service alerts with PagerDuty provides a powerful and efficient solution for managing and responding to critical events in real time. With this integration, you can easily set up alerts and notifications to stay informed about potential issues within your OpenSearch Service clusters or issues related to data and documents stored within the cluster, and proactively take action to resolve any problems that arise. Additionally, the integration allows for seamless collaboration between teams, enabling them to work together to identify and troubleshoot issues as they occur.

For more information about anomaly detection and alerts in OpenSearch Service, refer to Anomaly Detection in Amazon OpenSearch and Configuring Alerts in Amazon OpenSearch.

About the Authors

Manikanta Gona is a Data and ML Engineer at AWS Professional Services. He joined AWS in 2021 with 6+ years of experience in IT. At AWS, he is focused on Data Lake implementations, and Search and Analytical workloads using Amazon OpenSearch Service. In his spare time, he likes to garden, and go on hikes and biking with his husband.

Vivek Shrivastava is a Principal Data Architect, Data Lake in AWS Professional Services. He is a Bigdata enthusiast and holds 14 AWS Certifications. He is passionate about helping customers build scalable and high-performance data analytics solutions in the cloud. In his spare time, he loves reading and finds areas for home automation.

Ravikiran Rao is a Data Architect at AWS and is passionate about solving complex data challenges for various customers. Outside of work, he is a theatre enthusiast and an amateur tennis player.

Hari Krishna KC is a Data Architect with the AWS Professional Services Team. He specializes in AWS Data Lakes & AWS OpenSearch Service and has helped numerous clients migrate their workloads to Data Lakes and Search data stores.