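---
# PrometheusRule defining three OpenSearch alerts: cluster health RED,
# cluster health YELLOW (multi-node clusters only) and high JVM heap usage.
# The expressions read elasticsearch_* series, so they presumably depend on
# an Elasticsearch-compatible exporter scraping the cluster; confirm the
# metric and label names against what that exporter actually exposes.
#
# NOTE(review): every expression below returns no series when the underlying
# metrics are missing, so none of these alerts fire if scraping stops or the
# exporter is down. Scrape/target health has to be alerted on separately;
# this file does not cover it.
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: opensearch-alerts
  namespace: data
  labels:
    # Presumably matched by the Prometheus ruleSelector of the
    # kube-prometheus-stack release; a rule that is not selected is never
    # loaded, and nothing reports that. Verify against the Prometheus CR.
    role: alert-rules
    release: kube-prometheus-stack
spec:
  groups:
    - name: opensearch
      rules:
        # Cluster health has been reported red for 2 minutes.
        - alert: OpenSearchClusterRed
          expr: elasticsearch_cluster_health_status{color="red"} == 1
          for: 2m
          labels:
            severity: critical
          annotations:
            summary: "OpenSearch cluster health is RED"
            description: "OpenSearch cluster {{ $labels.cluster }} health status is red."

        # Cluster health has been yellow for 10 minutes AND the cluster has
        # more than one data node. The `and on(cluster)` join only matches
        # when both series carry the same `cluster` label value.
        - alert: OpenSearchClusterYellow
          expr: |
            elasticsearch_cluster_health_status{color="yellow"} == 1
            and on(cluster)
            elasticsearch_cluster_health_number_of_data_nodes > 1
          for: 10m
          labels:
            severity: warning
          annotations:
            summary: "OpenSearch cluster health is YELLOW"
            description: "OpenSearch cluster {{ $labels.cluster }} health status is yellow (multi-node, so unassigned shards indicate a real problem)."

        # Used heap divided by max heap stays above 0.85 for 5 minutes.
        # The division matches series on identical label sets. The
        # description reads the `name` and `namespace` labels; if a series
        # lacks them the rendered text has blanks instead of a node name.
        - alert: OpenSearchHeapHigh
          expr: |
            (
              elasticsearch_jvm_memory_used_bytes{area="heap"}
              / elasticsearch_jvm_memory_max_bytes{area="heap"}
            ) > 0.85
          for: 5m
          labels:
            severity: warning
          annotations:
            summary: "OpenSearch JVM heap usage is high"
            description: "OpenSearch node {{ $labels.name }} in {{ $labels.namespace }} heap usage is above 85%."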