Create Monitors using PPL, similar to use of query DSL

[adityaj1107]

Issue by harwinds Monday Mar 29, 2021 at 17:15 GMT Originally opened as https://github.com/opendistro-for-elasticsearch/alerting/issues/364

---

To Create new monitors, currently there is an option to use query DSL only. Looking for an alternative to create monitors using PPL, as PPL is much more easier to understand. Alternative solution, is there a way to convert PPL queries into query DSL?

[adityaj1107]

Comment by dai-chen Monday Mar 29, 2021 at 19:03 GMT

---

Hi @harwinds , I assume you're trying to create Alerting Monitor with PPL queries. You can check out by our explain API: https://github.com/opendistro-for-elasticsearch/sql/blob/develop/docs/experiment/ppl/interfaces/endpoint.rst#explain. However, the output is a query plan rather than pure DSL query which won't work by copy. I think the best way is to integrate with SQL/PPL from Alerting internally. So I'm transferring this issue to Alerting team.

[elfisher]

@aditjind and @skkosuri-amzn this issue and the SQL one would be good to double click on. PPL and SQL can be easier to write than the DSL in some situations and since they have "Group By" clauses there might be some synergies with Bucket-level alerts too.

[aishwaryashankar-dev]

Hi Team,

Currently, are there any enhancements/features available for using PPL queries directly in alert monitors ?

[brijos]

I created an RFC for Alerting using PPL. Please take a look as the goal is to make the overall workflow easier from Discover rather than just adding a new PPL monitor. We've received feedback from the community as well as customers who have said that the overall workflow is difficult to get through.