This query will update the trigger message for monitor alerts in Kibana with Open Distro plugin installed.
This should also work with the AWS ElasticSearch service as it utilizes Open Distro.
A Microsoft Teams (MS Teams) generic message card template is included.
Either use CURL or Dev Tools in Kibana. Note, this will only update the first trigger.
| POST .opendistro-alerting-config/_update_by_query | |
| { | |
| "script": { | |
| "lang": "painless", | |
| "source": "ctx._source.monitor['triggers'][0]['actions'][0]['message_template'] = params", | |
| "params": { | |
| "source": """ | |
| { | |
| "@context": "https://schema.org/extensions", | |
| "@type": "MessageCard", | |
| "potentialAction": [ | |
| { | |
| "@type": "OpenUri", | |
| "name": "View Kibana", | |
| "targets": [ | |
| { | |
| "os": "default", | |
| "uri": "http://your.kibana.url" | |
| } | |
| ] | |
| } | |
| ], | |
| "sections": [ | |
| { | |
| "facts": [ | |
| { | |
| "name": "Trigger:", | |
| "value": "{{ctx.trigger.name}}" | |
| }, | |
| { | |
| "name": "Severity:", | |
| "value": "{{ctx.trigger.severity}}" | |
| }, | |
| { | |
| "name": "Period start:", | |
| "value": "{{ctx.periodStart}}" | |
| }, | |
| { | |
| "name": "Period end:", | |
| "value": "{{ctx.periodEnd}}" | |
| } | |
| ], | |
| "text": "Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue." | |
| } | |
| ], | |
| "summary": "Alert", | |
| "themeColor": "0072C6", | |
| "title": "{{ctx.monitor.name}}" | |
| } | |
| """, | |
| "lang" : "mustache" | |
| } | |
| }, | |
| "query": { | |
| "match": { | |
| "monitor.type" : { | |
| "query" : "monitor" | |
| } | |
| } | |
| } | |
| } |
If anyone can script this to update all triggers, that would be greatly appreciated.