[MongoDB]: Add alerting rule templates (#15866)

shmsr · web-flow · commit c5838cd5eaae · 2025-12-02T22:53:02.000+05:30
diff --git a/packages/mongodb/changelog.yml b/packages/mongodb/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.23.0"
+  changes:
+    - description: Add alerting rule templates.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15866
 - version: "1.22.0"
   changes:
     - description: Allow @custom pipeline access to event.original without setting preserve_original_event.
diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-cache-usage-high.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-cache-usage-high.json
@@ -0,0 +1,31 @@
+{
+    "id": "mongodb-cache-usage-high",
+    "type": "alerting_rule_template",
+    "attributes": {
+        "name": "[MongoDB] WiredTiger cache pressure",
+        "tags": [
+            "MongoDB"
+        ],
+        "ruleTypeId": ".es-query",
+        "schedule": {
+            "interval": "1m"
+        },
+        "params": {
+            "searchType": "esqlQuery",
+            "timeWindowSize": 5,
+            "timeWindowUnit": "m",
+            "esqlQuery": {
+                "esql": "// Alert when WiredTiger cache utilization exceeds 85% over the configured time window.\n// Aggregates per instance (service.address) using averaged cache stats.\nFROM metrics-mongodb.status-*\n| STATS cache_used=AVG(mongodb.status.wired_tiger.cache.used.bytes),\n        cache_max=AVG(mongodb.status.wired_tiger.cache.maximum.bytes) BY service.address\n| WHERE cache_max > 0\n| EVAL cache_usage_pct = (cache_used / cache_max) * 100\n| WHERE cache_usage_pct > 85"
+            },
+            "groupBy": "row",
+            "termSize": 5,
+            "timeField": "@timestamp"
+        },
+        "alertDelay": {
+            "active": 1
+        }
+    },
+    "managed": true,
+    "coreMigrationVersion": "8.8.0",
+    "typeMigrationVersion": "10.1.0"
+}
diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-connection-usage-high.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-connection-usage-high.json
@@ -0,0 +1,31 @@
+{
+    "id": "mongodb-connection-usage-high",
+    "type": "alerting_rule_template",
+    "attributes": {
+        "name": "[MongoDB Availability] High connection usage",
+        "tags": [
+            "MongoDB"
+        ],
+        "ruleTypeId": ".es-query",
+        "schedule": {
+            "interval": "1m"
+        },
+        "params": {
+            "searchType": "esqlQuery",
+            "timeWindowSize": 5,
+            "timeWindowUnit": "m",
+            "esqlQuery": {
+                "esql": "// Alert when current connections exceed 80% of total available capacity.\n// Aggregates average current/available connections per service.address.\nFROM metrics-mongodb.status-*\n| STATS current_conn=AVG(mongodb.status.connections.current),\n        available_conn=AVG(mongodb.status.connections.available) BY service.address\n| EVAL total_conn = current_conn + available_conn\n| WHERE total_conn > 0\n| EVAL connection_usage_pct = (current_conn / total_conn) * 100\n| WHERE connection_usage_pct > 80"
+            },
+            "groupBy": "row",
+            "termSize": 5,
+            "timeField": "@timestamp"
+        },
+        "alertDelay": {
+            "active": 1
+        }
+    },
+    "managed": true,
+    "coreMigrationVersion": "8.8.0",
+    "typeMigrationVersion": "10.1.0"
+}
diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-oplog-headroom-critical.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-oplog-headroom-critical.json
@@ -0,0 +1,31 @@
+{
+    "id": "mongodb-oplog-headroom-critical",
+    "type": "alerting_rule_template",
+    "attributes": {
+        "name": "[MongoDB] Oplog headroom critically low",
+        "tags": [
+            "MongoDB"
+        ],
+        "ruleTypeId": ".es-query",
+        "schedule": {
+            "interval": "1m"
+        },
+        "params": {
+            "searchType": "esqlQuery",
+            "timeWindowSize": 5,
+            "timeWindowUnit": "m",
+            "esqlQuery": {
+                "esql": "// Alert when oplog headroom drops below 15 minutes, risking replication stalls.\n// Guards against negative values and groups by replica set name.\nFROM metrics-mongodb.replstatus-*\n| STATS oplog_headroom_min=MIN(mongodb.replstatus.headroom.min) BY mongodb.replstatus.set_name\n| WHERE oplog_headroom_min IS NOT NULL\n| EVAL oplog_headroom_min = CASE(oplog_headroom_min >= 0, oplog_headroom_min, 0)\n| EVAL oplog_headroom_minutes = TO_DOUBLE(oplog_headroom_min) / 60.0\n| WHERE oplog_headroom_minutes < 15"
+            },
+            "groupBy": "row",
+            "termSize": 5,
+            "timeField": "@timestamp"
+        },
+        "alertDelay": {
+            "active": 1
+        }
+    },
+    "managed": true,
+    "coreMigrationVersion": "8.8.0",
+    "typeMigrationVersion": "10.1.0"
+}
diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-member-down.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-replica-member-down.json
@@ -0,0 +1,31 @@
+{
+    "id": "mongodb-replica-member-down",
+    "type": "alerting_rule_template",
+    "attributes": {
+        "name": "[MongoDB] Replica member down",
+        "tags": [
+            "MongoDB"
+        ],
+        "ruleTypeId": ".es-query",
+        "schedule": {
+            "interval": "1m"
+        },
+        "params": {
+            "searchType": "esqlQuery",
+            "timeWindowSize": 5,
+            "timeWindowUnit": "m",
+            "esqlQuery": {
+                "esql": "// Alert when replica sets report members in the down state within the configured time window.\n// Groups by replica set name to isolate environments.\nFROM metrics-mongodb.replstatus-*\n| STATS members_down=MAX(mongodb.replstatus.members.down.count) BY mongodb.replstatus.set_name\n| WHERE members_down > 0"
+            },
+            "groupBy": "row",
+            "termSize": 5,
+            "timeField": "@timestamp"
+        },
+        "alertDelay": {
+            "active": 1
+        }
+    },
+    "managed": true,
+    "coreMigrationVersion": "8.8.0",
+    "typeMigrationVersion": "10.1.0"
+}
diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-replication-lag-high.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-replication-lag-high.json
@@ -0,0 +1,31 @@
+{
+    "id": "mongodb-replication-lag-high",
+    "type": "alerting_rule_template",
+    "attributes": {
+        "name": "[MongoDB] High replication lag",
+        "tags": [
+            "MongoDB"
+        ],
+        "ruleTypeId": ".es-query",
+        "schedule": {
+            "interval": "1m"
+        },
+        "params": {
+            "searchType": "esqlQuery",
+            "timeWindowSize": 5,
+            "timeWindowUnit": "m",
+            "esqlQuery": {
+                "esql": "// Alert when maximum replication lag exceeds 10 seconds for any replica set.\n// Aggregates per replica set name.\nFROM metrics-mongodb.replstatus-*\n| STATS replication_lag=MAX(mongodb.replstatus.lag.max) BY mongodb.replstatus.set_name\n| WHERE replication_lag > 10"
+            },
+            "groupBy": "row",
+            "termSize": 5,
+            "timeField": "@timestamp"
+        },
+        "alertDelay": {
+            "active": 1
+        }
+    },
+    "managed": true,
+    "coreMigrationVersion": "8.8.0",
+    "typeMigrationVersion": "10.1.0"
+}
diff --git a/packages/mongodb/kibana/alerting_rule_template/mongodb-unhealthy-replica-members.json b/packages/mongodb/kibana/alerting_rule_template/mongodb-unhealthy-replica-members.json
@@ -0,0 +1,31 @@
+{
+    "id": "mongodb-unhealthy-replica-members",
+    "type": "alerting_rule_template",
+    "attributes": {
+        "name": "[MongoDB] Unhealthy replica members",
+        "tags": [
+            "MongoDB"
+        ],
+        "ruleTypeId": ".es-query",
+        "schedule": {
+            "interval": "1m"
+        },
+        "params": {
+            "searchType": "esqlQuery",
+            "timeWindowSize": 5,
+            "timeWindowUnit": "m",
+            "esqlQuery": {
+                "esql": "// Alert when replica sets report unhealthy members during the window.\n// Groups by replica set name for clarity.\nFROM metrics-mongodb.replstatus-*\n| STATS unhealthy_members=MAX(mongodb.replstatus.members.unhealthy.count) BY mongodb.replstatus.set_name\n| WHERE unhealthy_members > 0"
+            },
+            "groupBy": "row",
+            "termSize": 5,
+            "timeField": "@timestamp"
+        },
+        "alertDelay": {
+            "active": 1
+        }
+    },
+    "managed": true,
+    "coreMigrationVersion": "8.8.0",
+    "typeMigrationVersion": "10.1.0"
+}
diff --git a/packages/mongodb/manifest.yml b/packages/mongodb/manifest.yml
@@ -1,6 +1,6 @@
 name: mongodb
 title: MongoDB
-version: "1.22.0"
+version: "1.23.0"
 description: Collect logs and metrics from MongoDB instances with Elastic Agent.
 type: integration
 categories:
@@ -11,10 +11,10 @@ icons:
     title: logo mongodb
     size: 32x32
     type: image/svg+xml
-format_version: "3.0.2"
+format_version: "3.4.0"
 conditions:
   kibana:
-    version: "^8.13.0 || ^9.0.0"
+    version: "^8.19.0 || ^9.2.1"
   elastic:
     subscription: basic
 screenshots:
diff --git a/packages/mongodb/validation.yml b/packages/mongodb/validation.yml
@@ -0,0 +1,3 @@
+errors:
+  exclude_checks:
+    - JSE00001

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+errors:`
	`2`	`+ exclude_checks:`
	`3`	`+ - JSE00001`