From e03d1e0014233f54e8c8c67e7c7ad6e56c84b2b0 Mon Sep 17 00:00:00 2001 From: subham sarkar Date: Wed, 5 Nov 2025 01:57:32 +0530 Subject: [PATCH 1/4] mongodb: Package alert rule template --- packages/mongodb/changelog.yml | 5 +++ .../ingest_pipeline/pipeline-json.yml | 5 +++ .../mongodb-cache-usage-high.json | 36 +++++++++++++++++++ .../mongodb-connection-usage-high.json | 36 +++++++++++++++++++ .../mongodb-oplog-headroom-critical.json | 36 +++++++++++++++++++ .../mongodb-replica-member-down.json | 36 +++++++++++++++++++ .../mongodb-replica-members-rollback.json | 36 +++++++++++++++++++ .../mongodb-replication-lag-high.json | 36 +++++++++++++++++++ .../mongodb-unhealthy-replica-members.json | 36 +++++++++++++++++++ .../mongodb-write-tickets-low.json | 36 +++++++++++++++++++ packages/mongodb/manifest.yml | 4 +-- 11 files changed, 300 insertions(+), 2 deletions(-) create mode 100644 packages/mongodb/kibana/alerting_rule_template/mongodb-cache-usage-high.json create mode 100644 packages/mongodb/kibana/alerting_rule_template/mongodb-connection-usage-high.json create mode 100644 packages/mongodb/kibana/alerting_rule_template/mongodb-oplog-headroom-critical.json create mode 100644 packages/mongodb/kibana/alerting_rule_template/mongodb-replica-member-down.json create mode 100644 packages/mongodb/kibana/alerting_rule_template/mongodb-replica-members-rollback.json create mode 100644 packages/mongodb/kibana/alerting_rule_template/mongodb-replication-lag-high.json create mode 100644 packages/mongodb/kibana/alerting_rule_template/mongodb-unhealthy-replica-members.json create mode 100644 packages/mongodb/kibana/alerting_rule_template/mongodb-write-tickets-low.json diff --git a/packages/mongodb/changelog.yml b/packages/mongodb/changelog.yml index dfdaa14bd09..e89fbd281f5 100644 --- a/packages/mongodb/changelog.yml +++ b/packages/mongodb/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.23.0" + changes: + - description: Package Alerting Rule Template. + type: enhancement + link: https://github.com/elastic/integrations/pull/99999 - version: "1.22.0" changes: - description: Allow @custom pipeline access to event.original without setting preserve_original_event. diff --git a/packages/mongodb/data_stream/log/elasticsearch/ingest_pipeline/pipeline-json.yml b/packages/mongodb/data_stream/log/elasticsearch/ingest_pipeline/pipeline-json.yml index 579ca7d604e..0a81c14d63f 100644 --- a/packages/mongodb/data_stream/log/elasticsearch/ingest_pipeline/pipeline-json.yml +++ b/packages/mongodb/data_stream/log/elasticsearch/ingest_pipeline/pipeline-json.yml @@ -49,6 +49,11 @@ processors: - mongodb.log.truncated - mongodb.log.size ignore_missing: true +- remove: + field: message + ignore_missing: true + if: 'ctx.event?.original != null' + description: 'The `message` field is no longer required if the document has an `event.original` field.' on_failure: - set: field: error.message diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-cache-usage-high.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-cache-usage-high.json new file mode 100644 index 00000000000..394ec6eac5a --- /dev/null +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-cache-usage-high.json @@ -0,0 +1,36 @@ +{ + "id": "mongodb-cache-usage-high", + "type": "alerting_rule_template", + "attributes": { + "name": "[MongoDB Resources] WiredTiger cache pressure", + "tags": ["MongoDB", "Resources"], + "ruleTypeId": ".es-query", + "schedule": { + "interval": "1m" + }, + "params": { + "searchType": "esqlQuery", + "timeWindowSize": 5, + "timeWindowUnit": "m", + "threshold": [0], + "thresholdComparator": ">", + "size": 100, + "esqlQuery": { + "esql": "FROM metrics-mongodb.status-default\n| STATS cache_used = AVG(`mongodb.status.wired_tiger.cache.used.bytes`),\n cache_max = AVG(`mongodb.status.wired_tiger.cache.maximum.bytes`) BY `service.address`\n| EVAL cache_usage_pct = (cache_used / cache_max) * 100\n| WHERE cache_usage_pct > 85" + }, + "aggType": "count", + "groupBy": "row", + "termSize": 5, + "sourceFields": [], + "timeField": "@timestamp", + "excludeHitsFromPreviousRun": true + }, + "alertDelay": { + "active": 1 + } + }, + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.1.0" +} + diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-connection-usage-high.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-connection-usage-high.json new file mode 100644 index 00000000000..587a8e971ef --- /dev/null +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-connection-usage-high.json @@ -0,0 +1,36 @@ +{ + "id": "mongodb-connection-usage-high", + "type": "alerting_rule_template", + "attributes": { + "name": "[MongoDB Availability] High connection usage", + "tags": ["MongoDB", "Availability"], + "ruleTypeId": ".es-query", + "schedule": { + "interval": "1m" + }, + "params": { + "searchType": "esqlQuery", + "timeWindowSize": 5, + "timeWindowUnit": "m", + "threshold": [0], + "thresholdComparator": ">", + "size": 100, + "esqlQuery": { + "esql": "FROM metrics-mongodb.status-default\n| STATS current_conn = AVG(`mongodb.status.connections.current`),\n available_conn = AVG(`mongodb.status.connections.available`) BY `service.address`\n| EVAL connection_usage_pct = (current_conn / (current_conn + available_conn)) * 100\n| WHERE connection_usage_pct > 80" + }, + "aggType": "count", + "groupBy": "row", + "termSize": 5, + "sourceFields": [], + "timeField": "@timestamp", + "excludeHitsFromPreviousRun": true + }, + "alertDelay": { + "active": 1 + } + }, + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.1.0" +} + diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-oplog-headroom-critical.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-oplog-headroom-critical.json new file mode 100644 index 00000000000..a93e532adf2 --- /dev/null +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-oplog-headroom-critical.json @@ -0,0 +1,36 @@ +{ + "id": "mongodb-oplog-headroom-critical", + "type": "alerting_rule_template", + "attributes": { + "name": "[MongoDB Replication] Oplog headroom critically low", + "tags": ["MongoDB", "Replication"], + "ruleTypeId": ".es-query", + "schedule": { + "interval": "1m" + }, + "params": { + "searchType": "esqlQuery", + "timeWindowSize": 5, + "timeWindowUnit": "m", + "threshold": [0], + "thresholdComparator": ">", + "size": 100, + "esqlQuery": { + "esql": "FROM metrics-mongodb.replstatus-default\n| STATS oplog_headroom_min = MIN(`mongodb.replstatus.headroom.min`) BY `mongodb.replstatus.set_name`\n| WHERE oplog_headroom_min < 3600000" + }, + "aggType": "count", + "groupBy": "row", + "termSize": 5, + "sourceFields": [], + "timeField": "@timestamp", + "excludeHitsFromPreviousRun": true + }, + "alertDelay": { + "active": 1 + } + }, + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.1.0" +} + diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-member-down.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-member-down.json new file mode 100644 index 00000000000..e412dacbe54 --- /dev/null +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-member-down.json @@ -0,0 +1,36 @@ +{ + "id": "mongodb-replica-member-down", + "type": "alerting_rule_template", + "attributes": { + "name": "[MongoDB Replication] Replica member down", + "tags": ["MongoDB", "Replication"], + "ruleTypeId": ".es-query", + "schedule": { + "interval": "1m" + }, + "params": { + "searchType": "esqlQuery", + "timeWindowSize": 5, + "timeWindowUnit": "m", + "threshold": [0], + "thresholdComparator": ">", + "size": 100, + "esqlQuery": { + "esql": "FROM metrics-mongodb.replstatus-default\n| STATS members_down = MAX(`mongodb.replstatus.members.down.count`) BY `mongodb.replstatus.set_name`, `service.address`\n| WHERE members_down > 0" + }, + "aggType": "count", + "groupBy": "row", + "termSize": 5, + "sourceFields": [], + "timeField": "@timestamp", + "excludeHitsFromPreviousRun": true + }, + "alertDelay": { + "active": 1 + } + }, + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.1.0" +} + diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-members-rollback.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-members-rollback.json new file mode 100644 index 00000000000..000d5a14674 --- /dev/null +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-members-rollback.json @@ -0,0 +1,36 @@ +{ + "id": "mongodb-replica-members-rollback", + "type": "alerting_rule_template", + "attributes": { + "name": "[MongoDB Replication] Members in rollback state", + "tags": ["MongoDB", "Replication"], + "ruleTypeId": ".es-query", + "schedule": { + "interval": "1m" + }, + "params": { + "searchType": "esqlQuery", + "timeWindowSize": 5, + "timeWindowUnit": "m", + "threshold": [0], + "thresholdComparator": ">", + "size": 100, + "esqlQuery": { + "esql": "FROM metrics-mongodb.replstatus-default\n| STATS rollback_members = MAX(`mongodb.replstatus.members.rollback.count`) BY `mongodb.replstatus.set_name`\n| WHERE rollback_members > 0" + }, + "aggType": "count", + "groupBy": "row", + "termSize": 5, + "sourceFields": [], + "timeField": "@timestamp", + "excludeHitsFromPreviousRun": true + }, + "alertDelay": { + "active": 1 + } + }, + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.1.0" +} + diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-replication-lag-high.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-replication-lag-high.json new file mode 100644 index 00000000000..2a1c27a3e05 --- /dev/null +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-replication-lag-high.json @@ -0,0 +1,36 @@ +{ + "id": "mongodb-replication-lag-high", + "type": "alerting_rule_template", + "attributes": { + "name": "[MongoDB Replication] High replication lag", + "tags": ["MongoDB", "Replication"], + "ruleTypeId": ".es-query", + "schedule": { + "interval": "1m" + }, + "params": { + "searchType": "esqlQuery", + "timeWindowSize": 5, + "timeWindowUnit": "m", + "threshold": [0], + "thresholdComparator": ">", + "size": 100, + "esqlQuery": { + "esql": "FROM metrics-mongodb.replstatus-default\n| STATS replication_lag = MAX(`mongodb.replstatus.lag.max`) BY `mongodb.replstatus.set_name`\n| WHERE replication_lag > 10000" + }, + "aggType": "count", + "groupBy": "row", + "termSize": 5, + "sourceFields": [], + "timeField": "@timestamp", + "excludeHitsFromPreviousRun": true + }, + "alertDelay": { + "active": 1 + } + }, + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.1.0" +} + diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-unhealthy-replica-members.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-unhealthy-replica-members.json new file mode 100644 index 00000000000..37a609e9af2 --- /dev/null +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-unhealthy-replica-members.json @@ -0,0 +1,36 @@ +{ + "id": "mongodb-unhealthy-replica-members", + "type": "alerting_rule_template", + "attributes": { + "name": "[MongoDB Replication] Unhealthy replica members", + "tags": ["MongoDB", "Replication"], + "ruleTypeId": ".es-query", + "schedule": { + "interval": "1m" + }, + "params": { + "searchType": "esqlQuery", + "timeWindowSize": 5, + "timeWindowUnit": "m", + "threshold": [0], + "thresholdComparator": ">", + "size": 100, + "esqlQuery": { + "esql": "FROM metrics-mongodb.replstatus-default\n| STATS unhealthy_members = MAX(`mongodb.replstatus.members.unhealthy.count`) BY `mongodb.replstatus.set_name`\n| WHERE unhealthy_members > 0" + }, + "aggType": "count", + "groupBy": "row", + "termSize": 5, + "sourceFields": [], + "timeField": "@timestamp", + "excludeHitsFromPreviousRun": true + }, + "alertDelay": { + "active": 1 + } + }, + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.1.0" +} + diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-write-tickets-low.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-write-tickets-low.json new file mode 100644 index 00000000000..4ef242d6d1e --- /dev/null +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-write-tickets-low.json @@ -0,0 +1,36 @@ +{ + "id": "mongodb-write-tickets-low", + "type": "alerting_rule_template", + "attributes": { + "name": "[MongoDB Performance] Low write tickets available", + "tags": ["MongoDB", "Performance"], + "ruleTypeId": ".es-query", + "schedule": { + "interval": "1m" + }, + "params": { + "searchType": "esqlQuery", + "timeWindowSize": 5, + "timeWindowUnit": "m", + "threshold": [0], + "thresholdComparator": ">", + "size": 100, + "esqlQuery": { + "esql": "FROM metrics-mongodb.status-default\n| STATS write_tickets_available = AVG(`mongodb.status.wired_tiger.concurrent_transactions.write.available`) BY `service.address`\n| WHERE write_tickets_available < 10" + }, + "aggType": "count", + "groupBy": "row", + "termSize": 5, + "sourceFields": [], + "timeField": "@timestamp", + "excludeHitsFromPreviousRun": true + }, + "alertDelay": { + "active": 1 + } + }, + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.1.0" +} + diff --git a/packages/mongodb/manifest.yml b/packages/mongodb/manifest.yml index 5f404a85eaf..b92e24c6352 100644 --- a/packages/mongodb/manifest.yml +++ b/packages/mongodb/manifest.yml @@ -1,6 +1,6 @@ name: mongodb title: MongoDB -version: "1.22.0" +version: "1.23.0" description: Collect logs and metrics from MongoDB instances with Elastic Agent. type: integration categories: @@ -11,7 +11,7 @@ icons: title: logo mongodb size: 32x32 type: image/svg+xml -format_version: "3.0.2" +format_version: "3.5.0" conditions: kibana: version: "^8.13.0 || ^9.0.0" From 587cafe703fab8e8c8ea97a5a5bfff602d43efc3 Mon Sep 17 00:00:00 2001 From: subham sarkar Date: Tue, 11 Nov 2025 15:51:07 +0530 Subject: [PATCH 2/4] Do cleanup --- .../mongodb-cache-usage-high.json | 61 +++++++++---------- .../mongodb-connection-usage-high.json | 61 +++++++++---------- .../mongodb-oplog-headroom-critical.json | 61 +++++++++---------- .../mongodb-replica-member-down.json | 61 +++++++++---------- .../mongodb-replica-members-rollback.json | 61 +++++++++---------- .../mongodb-replication-lag-high.json | 61 +++++++++---------- .../mongodb-unhealthy-replica-members.json | 61 +++++++++---------- .../mongodb-write-tickets-low.json | 61 +++++++++---------- 8 files changed, 232 insertions(+), 256 deletions(-) diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-cache-usage-high.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-cache-usage-high.json index 394ec6eac5a..26a31545f1f 100644 --- a/packages/mongodb/kibana/alerting_rule_template/mongodb-cache-usage-high.json +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-cache-usage-high.json @@ -1,36 +1,33 @@ { - "id": "mongodb-cache-usage-high", - "type": "alerting_rule_template", - "attributes": { - "name": "[MongoDB Resources] WiredTiger cache pressure", - "tags": ["MongoDB", "Resources"], - "ruleTypeId": ".es-query", - "schedule": { - "interval": "1m" + "id": "mongodb-cache-usage-high", + "type": "alerting_rule_template", + "attributes": { + "name": "[MongoDB Resources] WiredTiger cache pressure", + "tags": [ + "MongoDB", + "Resources" + ], + "ruleTypeId": ".es-query", + "schedule": { + "interval": "1m" + }, + "params": { + "searchType": "esqlQuery", + "timeWindowSize": 5, + "timeWindowUnit": "m", + "esqlQuery": { + "esql": "FROM metrics-mongodb.status-default\n| STATS cache_used = AVG(`mongodb.status.wired_tiger.cache.used.bytes`),\n cache_max = AVG(`mongodb.status.wired_tiger.cache.maximum.bytes`) BY `service.address`\n| EVAL cache_usage_pct = (cache_used / cache_max) * 100\n| WHERE cache_usage_pct > 85" + }, + "groupBy": "row", + "termSize": 5, + "timeField": "@timestamp" + }, + "alertDelay": { + "active": 1 + } }, - "params": { - "searchType": "esqlQuery", - "timeWindowSize": 5, - "timeWindowUnit": "m", - "threshold": [0], - "thresholdComparator": ">", - "size": 100, - "esqlQuery": { - "esql": "FROM metrics-mongodb.status-default\n| STATS cache_used = AVG(`mongodb.status.wired_tiger.cache.used.bytes`),\n cache_max = AVG(`mongodb.status.wired_tiger.cache.maximum.bytes`) BY `service.address`\n| EVAL cache_usage_pct = (cache_used / cache_max) * 100\n| WHERE cache_usage_pct > 85" - }, - "aggType": "count", - "groupBy": "row", - "termSize": 5, - "sourceFields": [], - "timeField": "@timestamp", - "excludeHitsFromPreviousRun": true - }, - "alertDelay": { - "active": 1 - } - }, - "managed": true, - "coreMigrationVersion": "8.8.0", - "typeMigrationVersion": "10.1.0" + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.1.0" } diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-connection-usage-high.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-connection-usage-high.json index 587a8e971ef..f13feb39327 100644 --- a/packages/mongodb/kibana/alerting_rule_template/mongodb-connection-usage-high.json +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-connection-usage-high.json @@ -1,36 +1,33 @@ { - "id": "mongodb-connection-usage-high", - "type": "alerting_rule_template", - "attributes": { - "name": "[MongoDB Availability] High connection usage", - "tags": ["MongoDB", "Availability"], - "ruleTypeId": ".es-query", - "schedule": { - "interval": "1m" + "id": "mongodb-connection-usage-high", + "type": "alerting_rule_template", + "attributes": { + "name": "[MongoDB Availability] High connection usage", + "tags": [ + "MongoDB", + "Availability" + ], + "ruleTypeId": ".es-query", + "schedule": { + "interval": "1m" + }, + "params": { + "searchType": "esqlQuery", + "timeWindowSize": 5, + "timeWindowUnit": "m", + "esqlQuery": { + "esql": "FROM metrics-mongodb.status-default\n| STATS current_conn = AVG(`mongodb.status.connections.current`),\n available_conn = AVG(`mongodb.status.connections.available`) BY `service.address`\n| EVAL connection_usage_pct = (current_conn / (current_conn + available_conn)) * 100\n| WHERE connection_usage_pct > 80" + }, + "groupBy": "row", + "termSize": 5, + "timeField": "@timestamp" + }, + "alertDelay": { + "active": 1 + } }, - "params": { - "searchType": "esqlQuery", - "timeWindowSize": 5, - "timeWindowUnit": "m", - "threshold": [0], - "thresholdComparator": ">", - "size": 100, - "esqlQuery": { - "esql": "FROM metrics-mongodb.status-default\n| STATS current_conn = AVG(`mongodb.status.connections.current`),\n available_conn = AVG(`mongodb.status.connections.available`) BY `service.address`\n| EVAL connection_usage_pct = (current_conn / (current_conn + available_conn)) * 100\n| WHERE connection_usage_pct > 80" - }, - "aggType": "count", - "groupBy": "row", - "termSize": 5, - "sourceFields": [], - "timeField": "@timestamp", - "excludeHitsFromPreviousRun": true - }, - "alertDelay": { - "active": 1 - } - }, - "managed": true, - "coreMigrationVersion": "8.8.0", - "typeMigrationVersion": "10.1.0" + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.1.0" } diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-oplog-headroom-critical.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-oplog-headroom-critical.json index a93e532adf2..f395d80d11f 100644 --- a/packages/mongodb/kibana/alerting_rule_template/mongodb-oplog-headroom-critical.json +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-oplog-headroom-critical.json @@ -1,36 +1,33 @@ { - "id": "mongodb-oplog-headroom-critical", - "type": "alerting_rule_template", - "attributes": { - "name": "[MongoDB Replication] Oplog headroom critically low", - "tags": ["MongoDB", "Replication"], - "ruleTypeId": ".es-query", - "schedule": { - "interval": "1m" + "id": "mongodb-oplog-headroom-critical", + "type": "alerting_rule_template", + "attributes": { + "name": "[MongoDB Replication] Oplog headroom critically low", + "tags": [ + "MongoDB", + "Replication" + ], + "ruleTypeId": ".es-query", + "schedule": { + "interval": "1m" + }, + "params": { + "searchType": "esqlQuery", + "timeWindowSize": 5, + "timeWindowUnit": "m", + "esqlQuery": { + "esql": "FROM metrics-mongodb.replstatus-default\n| STATS oplog_headroom_min = MIN(`mongodb.replstatus.headroom.min`) BY `mongodb.replstatus.set_name`\n| WHERE oplog_headroom_min < 3600000" + }, + "groupBy": "row", + "termSize": 5, + "timeField": "@timestamp" + }, + "alertDelay": { + "active": 1 + } }, - "params": { - "searchType": "esqlQuery", - "timeWindowSize": 5, - "timeWindowUnit": "m", - "threshold": [0], - "thresholdComparator": ">", - "size": 100, - "esqlQuery": { - "esql": "FROM metrics-mongodb.replstatus-default\n| STATS oplog_headroom_min = MIN(`mongodb.replstatus.headroom.min`) BY `mongodb.replstatus.set_name`\n| WHERE oplog_headroom_min < 3600000" - }, - "aggType": "count", - "groupBy": "row", - "termSize": 5, - "sourceFields": [], - "timeField": "@timestamp", - "excludeHitsFromPreviousRun": true - }, - "alertDelay": { - "active": 1 - } - }, - "managed": true, - "coreMigrationVersion": "8.8.0", - "typeMigrationVersion": "10.1.0" + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.1.0" } diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-member-down.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-member-down.json index e412dacbe54..e68d2843166 100644 --- a/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-member-down.json +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-member-down.json @@ -1,36 +1,33 @@ { - "id": "mongodb-replica-member-down", - "type": "alerting_rule_template", - "attributes": { - "name": "[MongoDB Replication] Replica member down", - "tags": ["MongoDB", "Replication"], - "ruleTypeId": ".es-query", - "schedule": { - "interval": "1m" + "id": "mongodb-replica-member-down", + "type": "alerting_rule_template", + "attributes": { + "name": "[MongoDB Replication] Replica member down", + "tags": [ + "MongoDB", + "Replication" + ], + "ruleTypeId": ".es-query", + "schedule": { + "interval": "1m" + }, + "params": { + "searchType": "esqlQuery", + "timeWindowSize": 5, + "timeWindowUnit": "m", + "esqlQuery": { + "esql": "FROM metrics-mongodb.replstatus-default\n| STATS members_down = MAX(`mongodb.replstatus.members.down.count`) BY `mongodb.replstatus.set_name`, `service.address`\n| WHERE members_down > 0" + }, + "groupBy": "row", + "termSize": 5, + "timeField": "@timestamp" + }, + "alertDelay": { + "active": 1 + } }, - "params": { - "searchType": "esqlQuery", - "timeWindowSize": 5, - "timeWindowUnit": "m", - "threshold": [0], - "thresholdComparator": ">", - "size": 100, - "esqlQuery": { - "esql": "FROM metrics-mongodb.replstatus-default\n| STATS members_down = MAX(`mongodb.replstatus.members.down.count`) BY `mongodb.replstatus.set_name`, `service.address`\n| WHERE members_down > 0" - }, - "aggType": "count", - "groupBy": "row", - "termSize": 5, - "sourceFields": [], - "timeField": "@timestamp", - "excludeHitsFromPreviousRun": true - }, - "alertDelay": { - "active": 1 - } - }, - "managed": true, - "coreMigrationVersion": "8.8.0", - "typeMigrationVersion": "10.1.0" + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.1.0" } diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-members-rollback.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-members-rollback.json index 000d5a14674..c74f568902a 100644 --- a/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-members-rollback.json +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-members-rollback.json @@ -1,36 +1,33 @@ { - "id": "mongodb-replica-members-rollback", - "type": "alerting_rule_template", - "attributes": { - "name": "[MongoDB Replication] Members in rollback state", - "tags": ["MongoDB", "Replication"], - "ruleTypeId": ".es-query", - "schedule": { - "interval": "1m" + "id": "mongodb-replica-members-rollback", + "type": "alerting_rule_template", + "attributes": { + "name": "[MongoDB Replication] Members in rollback state", + "tags": [ + "MongoDB", + "Replication" + ], + "ruleTypeId": ".es-query", + "schedule": { + "interval": "1m" + }, + "params": { + "searchType": "esqlQuery", + "timeWindowSize": 5, + "timeWindowUnit": "m", + "esqlQuery": { + "esql": "FROM metrics-mongodb.replstatus-default\n| STATS rollback_members = MAX(`mongodb.replstatus.members.rollback.count`) BY `mongodb.replstatus.set_name`\n| WHERE rollback_members > 0" + }, + "groupBy": "row", + "termSize": 5, + "timeField": "@timestamp" + }, + "alertDelay": { + "active": 1 + } }, - "params": { - "searchType": "esqlQuery", - "timeWindowSize": 5, - "timeWindowUnit": "m", - "threshold": [0], - "thresholdComparator": ">", - "size": 100, - "esqlQuery": { - "esql": "FROM metrics-mongodb.replstatus-default\n| STATS rollback_members = MAX(`mongodb.replstatus.members.rollback.count`) BY `mongodb.replstatus.set_name`\n| WHERE rollback_members > 0" - }, - "aggType": "count", - "groupBy": "row", - "termSize": 5, - "sourceFields": [], - "timeField": "@timestamp", - "excludeHitsFromPreviousRun": true - }, - "alertDelay": { - "active": 1 - } - }, - "managed": true, - "coreMigrationVersion": "8.8.0", - "typeMigrationVersion": "10.1.0" + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.1.0" } diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-replication-lag-high.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-replication-lag-high.json index 2a1c27a3e05..c6a2e34f05a 100644 --- a/packages/mongodb/kibana/alerting_rule_template/mongodb-replication-lag-high.json +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-replication-lag-high.json @@ -1,36 +1,33 @@ { - "id": "mongodb-replication-lag-high", - "type": "alerting_rule_template", - "attributes": { - "name": "[MongoDB Replication] High replication lag", - "tags": ["MongoDB", "Replication"], - "ruleTypeId": ".es-query", - "schedule": { - "interval": "1m" + "id": "mongodb-replication-lag-high", + "type": "alerting_rule_template", + "attributes": { + "name": "[MongoDB Replication] High replication lag", + "tags": [ + "MongoDB", + "Replication" + ], + "ruleTypeId": ".es-query", + "schedule": { + "interval": "1m" + }, + "params": { + "searchType": "esqlQuery", + "timeWindowSize": 5, + "timeWindowUnit": "m", + "esqlQuery": { + "esql": "FROM metrics-mongodb.replstatus-default\n| STATS replication_lag = MAX(`mongodb.replstatus.lag.max`) BY `mongodb.replstatus.set_name`\n| WHERE replication_lag > 10000" + }, + "groupBy": "row", + "termSize": 5, + "timeField": "@timestamp" + }, + "alertDelay": { + "active": 1 + } }, - "params": { - "searchType": "esqlQuery", - "timeWindowSize": 5, - "timeWindowUnit": "m", - "threshold": [0], - "thresholdComparator": ">", - "size": 100, - "esqlQuery": { - "esql": "FROM metrics-mongodb.replstatus-default\n| STATS replication_lag = MAX(`mongodb.replstatus.lag.max`) BY `mongodb.replstatus.set_name`\n| WHERE replication_lag > 10000" - }, - "aggType": "count", - "groupBy": "row", - "termSize": 5, - "sourceFields": [], - "timeField": "@timestamp", - "excludeHitsFromPreviousRun": true - }, - "alertDelay": { - "active": 1 - } - }, - "managed": true, - "coreMigrationVersion": "8.8.0", - "typeMigrationVersion": "10.1.0" + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.1.0" } diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-unhealthy-replica-members.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-unhealthy-replica-members.json index 37a609e9af2..ae32d39934d 100644 --- a/packages/mongodb/kibana/alerting_rule_template/mongodb-unhealthy-replica-members.json +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-unhealthy-replica-members.json @@ -1,36 +1,33 @@ { - "id": "mongodb-unhealthy-replica-members", - "type": "alerting_rule_template", - "attributes": { - "name": "[MongoDB Replication] Unhealthy replica members", - "tags": ["MongoDB", "Replication"], - "ruleTypeId": ".es-query", - "schedule": { - "interval": "1m" + "id": "mongodb-unhealthy-replica-members", + "type": "alerting_rule_template", + "attributes": { + "name": "[MongoDB Replication] Unhealthy replica members", + "tags": [ + "MongoDB", + "Replication" + ], + "ruleTypeId": ".es-query", + "schedule": { + "interval": "1m" + }, + "params": { + "searchType": "esqlQuery", + "timeWindowSize": 5, + "timeWindowUnit": "m", + "esqlQuery": { + "esql": "FROM metrics-mongodb.replstatus-default\n| STATS unhealthy_members = MAX(`mongodb.replstatus.members.unhealthy.count`) BY `mongodb.replstatus.set_name`\n| WHERE unhealthy_members > 0" + }, + "groupBy": "row", + "termSize": 5, + "timeField": "@timestamp" + }, + "alertDelay": { + "active": 1 + } }, - "params": { - "searchType": "esqlQuery", - "timeWindowSize": 5, - "timeWindowUnit": "m", - "threshold": [0], - "thresholdComparator": ">", - "size": 100, - "esqlQuery": { - "esql": "FROM metrics-mongodb.replstatus-default\n| STATS unhealthy_members = MAX(`mongodb.replstatus.members.unhealthy.count`) BY `mongodb.replstatus.set_name`\n| WHERE unhealthy_members > 0" - }, - "aggType": "count", - "groupBy": "row", - "termSize": 5, - "sourceFields": [], - "timeField": "@timestamp", - "excludeHitsFromPreviousRun": true - }, - "alertDelay": { - "active": 1 - } - }, - "managed": true, - "coreMigrationVersion": "8.8.0", - "typeMigrationVersion": "10.1.0" + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.1.0" } diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-write-tickets-low.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-write-tickets-low.json index 4ef242d6d1e..589b3303b3f 100644 --- a/packages/mongodb/kibana/alerting_rule_template/mongodb-write-tickets-low.json +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-write-tickets-low.json @@ -1,36 +1,33 @@ { - "id": "mongodb-write-tickets-low", - "type": "alerting_rule_template", - "attributes": { - "name": "[MongoDB Performance] Low write tickets available", - "tags": ["MongoDB", "Performance"], - "ruleTypeId": ".es-query", - "schedule": { - "interval": "1m" + "id": "mongodb-write-tickets-low", + "type": "alerting_rule_template", + "attributes": { + "name": "[MongoDB Performance] Low write tickets available", + "tags": [ + "MongoDB", + "Performance" + ], + "ruleTypeId": ".es-query", + "schedule": { + "interval": "1m" + }, + "params": { + "searchType": "esqlQuery", + "timeWindowSize": 5, + "timeWindowUnit": "m", + "esqlQuery": { + "esql": "FROM metrics-mongodb.status-default\n| STATS write_tickets_available = AVG(`mongodb.status.wired_tiger.concurrent_transactions.write.available`) BY `service.address`\n| WHERE write_tickets_available < 10" + }, + "groupBy": "row", + "termSize": 5, + "timeField": "@timestamp" + }, + "alertDelay": { + "active": 1 + } }, - "params": { - "searchType": "esqlQuery", - "timeWindowSize": 5, - "timeWindowUnit": "m", - "threshold": [0], - "thresholdComparator": ">", - "size": 100, - "esqlQuery": { - "esql": "FROM metrics-mongodb.status-default\n| STATS write_tickets_available = AVG(`mongodb.status.wired_tiger.concurrent_transactions.write.available`) BY `service.address`\n| WHERE write_tickets_available < 10" - }, - "aggType": "count", - "groupBy": "row", - "termSize": 5, - "sourceFields": [], - "timeField": "@timestamp", - "excludeHitsFromPreviousRun": true - }, - "alertDelay": { - "active": 1 - } - }, - "managed": true, - "coreMigrationVersion": "8.8.0", - "typeMigrationVersion": "10.1.0" + "managed": true, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.1.0" } From 7581797953adc00a972c6f00ace3ffffcf529635 Mon Sep 17 00:00:00 2001 From: subham sarkar Date: Tue, 11 Nov 2025 15:51:47 +0530 Subject: [PATCH 3/4] Fix PR num --- packages/mongodb/changelog.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/mongodb/changelog.yml b/packages/mongodb/changelog.yml index e89fbd281f5..841444e3f21 100644 --- a/packages/mongodb/changelog.yml +++ b/packages/mongodb/changelog.yml @@ -2,7 +2,7 @@ changes: - description: Package Alerting Rule Template. type: enhancement - link: https://github.com/elastic/integrations/pull/99999 + link: https://github.com/elastic/integrations/pull/15866 - version: "1.22.0" changes: - description: Allow @custom pipeline access to event.original without setting preserve_original_event. From 30ca7d1cdbf4a8ac20d6071b0ac208b74a3e19b0 Mon Sep 17 00:00:00 2001 From: subham sarkar Date: Tue, 11 Nov 2025 18:12:41 +0530 Subject: [PATCH 4/4] More changes --- .../mongodb-cache-usage-high.json | 2 +- .../mongodb-connection-usage-high.json | 2 +- .../mongodb-oplog-headroom-critical.json | 2 +- .../mongodb-replica-member-down.json | 2 +- .../mongodb-replica-members-rollback.json | 33 ------------------- .../mongodb-replication-lag-high.json | 2 +- .../mongodb-unhealthy-replica-members.json | 2 +- .../mongodb-write-tickets-low.json | 33 ------------------- 8 files changed, 6 insertions(+), 72 deletions(-) delete mode 100644 packages/mongodb/kibana/alerting_rule_template/mongodb-replica-members-rollback.json delete mode 100644 packages/mongodb/kibana/alerting_rule_template/mongodb-write-tickets-low.json diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-cache-usage-high.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-cache-usage-high.json index 26a31545f1f..f0a3d4f3041 100644 --- a/packages/mongodb/kibana/alerting_rule_template/mongodb-cache-usage-high.json +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-cache-usage-high.json @@ -16,7 +16,7 @@ "timeWindowSize": 5, "timeWindowUnit": "m", "esqlQuery": { - "esql": "FROM metrics-mongodb.status-default\n| STATS cache_used = AVG(`mongodb.status.wired_tiger.cache.used.bytes`),\n cache_max = AVG(`mongodb.status.wired_tiger.cache.maximum.bytes`) BY `service.address`\n| EVAL cache_usage_pct = (cache_used / cache_max) * 100\n| WHERE cache_usage_pct > 85" + "esql": "FROM metrics-mongodb.status-default\n| WHERE @timestamp >= NOW() - 5 MINUTES\n| STATS cache_used=AVG(mongodb.status.wired_tiger.cache.used.bytes),\n cache_max=AVG(mongodb.status.wired_tiger.cache.maximum.bytes) BY service.address\n| WHERE cache_max > 0\n| EVAL cache_usage_pct = (cache_used / cache_max) * 100\n| WHERE cache_usage_pct > 85" }, "groupBy": "row", "termSize": 5, diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-connection-usage-high.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-connection-usage-high.json index f13feb39327..30775ca3968 100644 --- a/packages/mongodb/kibana/alerting_rule_template/mongodb-connection-usage-high.json +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-connection-usage-high.json @@ -16,7 +16,7 @@ "timeWindowSize": 5, "timeWindowUnit": "m", "esqlQuery": { - "esql": "FROM metrics-mongodb.status-default\n| STATS current_conn = AVG(`mongodb.status.connections.current`),\n available_conn = AVG(`mongodb.status.connections.available`) BY `service.address`\n| EVAL connection_usage_pct = (current_conn / (current_conn + available_conn)) * 100\n| WHERE connection_usage_pct > 80" + "esql": "FROM metrics-mongodb.status-default\n| WHERE @timestamp >= NOW() - 5 MINUTES\n| STATS current_conn=AVG(mongodb.status.connections.current),\n available_conn=AVG(mongodb.status.connections.available) BY service.address\n| EVAL total_conn = current_conn + available_conn\n| WHERE total_conn > 0\n| EVAL connection_usage_pct = (current_conn / total_conn) * 100\n| WHERE connection_usage_pct > 80" }, "groupBy": "row", "termSize": 5, diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-oplog-headroom-critical.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-oplog-headroom-critical.json index f395d80d11f..5c043f017c7 100644 --- a/packages/mongodb/kibana/alerting_rule_template/mongodb-oplog-headroom-critical.json +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-oplog-headroom-critical.json @@ -16,7 +16,7 @@ "timeWindowSize": 5, "timeWindowUnit": "m", "esqlQuery": { - "esql": "FROM metrics-mongodb.replstatus-default\n| STATS oplog_headroom_min = MIN(`mongodb.replstatus.headroom.min`) BY `mongodb.replstatus.set_name`\n| WHERE oplog_headroom_min < 3600000" + "esql": "FROM metrics-mongodb.replstatus-default\n| WHERE @timestamp >= NOW() - 5 MINUTES\n| STATS oplog_headroom_min=MIN(mongodb.replstatus.headroom.min) BY mongodb.replstatus.set_name\n| WHERE oplog_headroom_min < 900000" }, "groupBy": "row", "termSize": 5, diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-member-down.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-member-down.json index e68d2843166..a793854c50f 100644 --- a/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-member-down.json +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-member-down.json @@ -16,7 +16,7 @@ "timeWindowSize": 5, "timeWindowUnit": "m", "esqlQuery": { - "esql": "FROM metrics-mongodb.replstatus-default\n| STATS members_down = MAX(`mongodb.replstatus.members.down.count`) BY `mongodb.replstatus.set_name`, `service.address`\n| WHERE members_down > 0" + "esql": "FROM metrics-mongodb.replstatus-default\n| WHERE @timestamp >= NOW() - 5 MINUTES\n| STATS members_down=MAX(mongodb.replstatus.members.down.count) BY mongodb.replstatus.set_name\n| WHERE members_down > 0" }, "groupBy": "row", "termSize": 5, diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-members-rollback.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-members-rollback.json deleted file mode 100644 index c74f568902a..00000000000 --- a/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-members-rollback.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "id": "mongodb-replica-members-rollback", - "type": "alerting_rule_template", - "attributes": { - "name": "[MongoDB Replication] Members in rollback state", - "tags": [ - "MongoDB", - "Replication" - ], - "ruleTypeId": ".es-query", - "schedule": { - "interval": "1m" - }, - "params": { - "searchType": "esqlQuery", - "timeWindowSize": 5, - "timeWindowUnit": "m", - "esqlQuery": { - "esql": "FROM metrics-mongodb.replstatus-default\n| STATS rollback_members = MAX(`mongodb.replstatus.members.rollback.count`) BY `mongodb.replstatus.set_name`\n| WHERE rollback_members > 0" - }, - "groupBy": "row", - "termSize": 5, - "timeField": "@timestamp" - }, - "alertDelay": { - "active": 1 - } - }, - "managed": true, - "coreMigrationVersion": "8.8.0", - "typeMigrationVersion": "10.1.0" -} - diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-replication-lag-high.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-replication-lag-high.json index c6a2e34f05a..7c62e04b017 100644 --- a/packages/mongodb/kibana/alerting_rule_template/mongodb-replication-lag-high.json +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-replication-lag-high.json @@ -16,7 +16,7 @@ "timeWindowSize": 5, "timeWindowUnit": "m", "esqlQuery": { - "esql": "FROM metrics-mongodb.replstatus-default\n| STATS replication_lag = MAX(`mongodb.replstatus.lag.max`) BY `mongodb.replstatus.set_name`\n| WHERE replication_lag > 10000" + "esql": "FROM metrics-mongodb.replstatus-default\n| WHERE @timestamp >= NOW() - 5 MINUTES\n| STATS replication_lag=MAX(mongodb.replstatus.lag.max) BY mongodb.replstatus.set_name\n| WHERE replication_lag > 10000" }, "groupBy": "row", "termSize": 5, diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-unhealthy-replica-members.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-unhealthy-replica-members.json index ae32d39934d..6c33e19dca8 100644 --- a/packages/mongodb/kibana/alerting_rule_template/mongodb-unhealthy-replica-members.json +++ b/packages/mongodb/kibana/alerting_rule_template/mongodb-unhealthy-replica-members.json @@ -16,7 +16,7 @@ "timeWindowSize": 5, "timeWindowUnit": "m", "esqlQuery": { - "esql": "FROM metrics-mongodb.replstatus-default\n| STATS unhealthy_members = MAX(`mongodb.replstatus.members.unhealthy.count`) BY `mongodb.replstatus.set_name`\n| WHERE unhealthy_members > 0" + "esql": "FROM metrics-mongodb.replstatus-default\n| WHERE @timestamp >= NOW() - 5 MINUTES\n| STATS unhealthy_members=MAX(mongodb.replstatus.members.unhealthy.count) BY mongodb.replstatus.set_name\n| WHERE unhealthy_members > 0" }, "groupBy": "row", "termSize": 5, diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-write-tickets-low.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-write-tickets-low.json deleted file mode 100644 index 589b3303b3f..00000000000 --- a/packages/mongodb/kibana/alerting_rule_template/mongodb-write-tickets-low.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "id": "mongodb-write-tickets-low", - "type": "alerting_rule_template", - "attributes": { - "name": "[MongoDB Performance] Low write tickets available", - "tags": [ - "MongoDB", - "Performance" - ], - "ruleTypeId": ".es-query", - "schedule": { - "interval": "1m" - }, - "params": { - "searchType": "esqlQuery", - "timeWindowSize": 5, - "timeWindowUnit": "m", - "esqlQuery": { - "esql": "FROM metrics-mongodb.status-default\n| STATS write_tickets_available = AVG(`mongodb.status.wired_tiger.concurrent_transactions.write.available`) BY `service.address`\n| WHERE write_tickets_available < 10" - }, - "groupBy": "row", - "termSize": 5, - "timeField": "@timestamp" - }, - "alertDelay": { - "active": 1 - } - }, - "managed": true, - "coreMigrationVersion": "8.8.0", - "typeMigrationVersion": "10.1.0" -} -