Closed Vejur closed 3 months ago
I think this is more a security analytics plugin problem, moving it there.
a pr is available to fix this issue: https://github.com/opensearch-project/security-analytics/pull/1047
Can confirm that the bug is fixed in 2.15.0. Thank you!
Describe the bug
We currently have three fresh installations of OpenSearch 2.13.0. When we configure a detector with corresponding alerts, alerting will only work in the first seconds after 0:00 UTC. At the same time, we can see several of those log entries:
Those errors will stop after a few seconds. There will be no more alerts on that day from the security plugin until the next night at 0:00 UTC, when the problem occurs again.
As a workaround, we have de-installed the Custom Codecs Plugin, which fixed the issue. The problem here is, that in the standard packages, this Plugin will be re-installed on upgrades. So we fear that the issue will continue in the future.
I have also found this issue, which might hint on a similar problem: https://github.com/opensearch-project/OpenSearch/issues/7012
Related component
Plugins
To Reproduce
Expected behavior
The Custom Codec Plugin should not interfere with the functionality of the Security Analytics Plugin.
Additional Details
Plugins opensearch-alerting opensearch-anomaly-detection opensearch-asynchronous-search opensearch-cross-cluster-replication opensearch-custom-codecs opensearch-flow-framework opensearch-geospatial opensearch-index-management opensearch-job-scheduler opensearch-knn opensearch-ml opensearch-neural-search opensearch-notifications opensearch-notifications-core opensearch-observability opensearch-performance-analyzer opensearch-reports-scheduler opensearch-security opensearch-security-analytics opensearch-skills opensearch-sql prometheus-exporter repository-s3
Host/Environment (please complete the following information):