Configure Spike Alerts for OpenSearch
A Spike alert matches when the number of events in the current time window (of length timeframe) is larger or smaller, by at least a factor of spike_height, than the number of events in the immediately preceding window of the same length.

This lets you receive an alert in scenarios such as a 3x increase (a ratio of spike_height: 3 with spike_type: up) in the number of events matching the filter query, compared with the previous window of length timeframe. The following rule does exactly that for HTTP 5xx responses:

```yaml
name: "Spike example alert"
type: spike
index: "*-*"

# Length of each window. The current window is compared with the
# window of the same length that immediately precedes it.
timeframe:
  hours: 2

# Ratio between the current and the previous window needed to match.
spike_height: 3

# "up" alerts only on increases; "down" only on decreases; "both" on either.
spike_type: "up"

# Only events matching this filter are counted (Elasticsearch query_string syntax).
filter:
- query:
    query_string:
      query: "router.status: [500 TO 599]"

alert:
- "email"

# Recipient address for the email alerter
email:
- ""
```

Additional Options

In addition, you can provide a threshold_cur value, the minimum number of events that must exist in the current window for an alert to fire. Because spike_height is a ratio, very small volumes can otherwise trigger alerts on their own: going from 1 event to 3 events is a 3x spike, and any event count at all is a spike when the previous window contained zero events. Setting threshold_cur to a sensible floor suppresses this noise.
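To make the comparison concrete, here is an added simulation (example code written for this page, not part of ElastAlert or the page's original content) that evaluates the rule above over constructed sample events. It counts events matching the `router.status: [500 TO 599]` filter in the current and previous windows, applies spike_height and spike_type, and shows how threshold_cur suppresses a match when the current window is too small to be meaningful. The event tuples, timestamps and the helper names are all assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone


def _ts(hour, minute):
    """Build a UTC timestamp on a single constructed day (example helper)."""
    return datetime(2024, 1, 1, hour, minute, tzinfo=timezone.utc)


# Constructed sample events as (timestamp, router.status); not real log data.
SAMPLE_EVENTS = [
    # previous window 12:00-14:00: two 5xx responses among normal traffic
    (_ts(12, 5), 200), (_ts(12, 40), 503), (_ts(13, 10), 200), (_ts(13, 45), 500),
    # current window 14:00-16:00: six 5xx responses, i.e. a 3x increase
    (_ts(14, 2), 502), (_ts(14, 15), 200), (_ts(14, 30), 500), (_ts(14, 48), 503),
    (_ts(15, 5), 504), (_ts(15, 20), 500), (_ts(15, 50), 502), (_ts(15, 59), 200),
]


def matches_filter(status):
    """Equivalent of the rule's filter: router.status in the range [500 TO 599]."""
    return 500 <= status <= 599


def count_matching(events, start, end):
    """Count filter-matching events with start <= timestamp < end."""
    return sum(1 for ts, status in events
               if start <= ts < end and matches_filter(status))


def spike_matches(events, window_end, timeframe, spike_height,
                  spike_type="both", threshold_cur=0):
    """Evaluate the spike rule for the window ending at window_end.

    Returns (matched, current_count, previous_count). The current window is
    [window_end - timeframe, window_end); the reference window is the window
    of the same length immediately before it.
    """
    cur_start = window_end - timeframe
    ref_start = cur_start - timeframe
    cur = count_matching(events, cur_start, window_end)
    ref = count_matching(events, ref_start, cur_start)

    # threshold_cur: too few events in the current window, never alert.
    if cur < threshold_cur:
        return False, cur, ref

    spike_up = cur >= ref * spike_height      # grew by at least spike_height x
    spike_down = cur <= ref / spike_height    # shrank to at most 1/spike_height

    if spike_type in ("both", "up") and spike_up:
        return True, cur, ref
    if spike_type in ("both", "down") and spike_down:
        return True, cur, ref
    return False, cur, ref


if __name__ == "__main__":
    two_hours = timedelta(hours=2)
    # 6 vs 2 matching events: a 3x spike up, so the rule fires.
    print(spike_matches(SAMPLE_EVENTS, _ts(16, 0), two_hours, 3, "up"))
    # Same data, but threshold_cur=10 requires more volume before alerting.
    print(spike_matches(SAMPLE_EVENTS, _ts(16, 0), two_hours, 3, "up", threshold_cur=10))
    # Window ending 14:00: 2 events after a window with 0 events is "infinitely"
    # larger, so it matches unless threshold_cur provides a floor.
    print(spike_matches(SAMPLE_EVENTS, _ts(14, 0), two_hours, 3, "up"))
    print(spike_matches(SAMPLE_EVENTS, _ts(14, 0), two_hours, 3, "up", threshold_cur=3))
```

The last two calls show the case the threshold exists for: a previous window with zero matching events makes any current count satisfy `cur >= ref * spike_height`, so a rule without threshold_cur alerts on the first handful of errors after a quiet period.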

