Scheduled Monitoring of Elasticsearch Alerts with Automatic Azure DevOps Work Item Creation
This workflow queries alert data in Elasticsearch at a scheduled time every day and determines whether any alerts are present. When an alert is detected, it automatically creates the corresponding work item in Azure DevOps, improving alert response speed and handling efficiency. Through this automated process, the team can promptly track and manage potential issues, avoiding the inefficiency of manual queries and task creation and ensuring that each alert is effectively addressed.

Workflow Name
Scheduled Monitoring of Elasticsearch Alerts with Automatic Azure DevOps Work Item Creation
Key Features and Highlights
This workflow automates the daily scheduled query of alert data in Elasticsearch, intelligently determines the presence of alerts based on query results, and automatically creates corresponding work items in Azure DevOps when alerts are detected. It helps teams promptly track and address potential issues. Highlights include automated triggering, precise alert detection, and seamless integration with Azure DevOps work item management.
Core Problems Addressed
It resolves the inefficiency of manually querying alert information and creating tasks, preventing alert omissions and improving alert response speed and issue resolution efficiency.
Application Scenarios
Ideal for technical operations teams, development teams, or any organization relying on Elasticsearch for log and metric monitoring. By automating alert-driven task generation, it enables rapid response and tracking management of operational alerts.
Main Process Steps
- Scheduled Trigger (Cron Trigger): Automatically starts the workflow daily at 12:15 PM.
- Query Alerts (Elasticsearch Query): Executes a predefined Elasticsearch query to retrieve current alert data.
- Check Alert Count (Check for Alerts): Determines if the number of alert entries in the query result is greater than zero.
- Create Work Item (Create Work Item): If alerts exist, calls the Azure DevOps API to automatically create a work item.
- No Operation (No Operation): If no alerts are found, no action is taken and the workflow ends.
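The four steps above as a standalone script, added here as an illustration and not the workflow's own code. It assumes the Elasticsearch 7+ _search response shape, the Azure DevOps REST API 7.0 work-item creation endpoint (JSON Patch body), and placeholder field names, index, organization and project; the sample response is constructed so the script runs offline.

```python
import base64
import json

def alert_query(since_hours=24):
    """'Query Alerts' step body. track_total_hits makes hits.total.value exact
    instead of capped at 10,000 (ES 7+); the field names are assumptions."""
    return {
        "size": 20, "track_total_hits": True,
        "query": {"bool": {"filter": [
            {"term": {"event.kind": "alert"}},
            {"range": {"@timestamp": {"gte": f"now-{since_hours}h"}}}]}},
        "sort": [{"@timestamp": "desc"}],
    }

def alert_count(es_response):
    """'Check for Alerts' step. ES 7+ returns hits.total as {"value": n, "relation": ...};
    ES 6 returned a bare integer, so accept both rather than comparing the dict to 0."""
    total = es_response.get("hits", {}).get("total", 0)
    return int(total["value"]) if isinstance(total, dict) else int(total)

def work_item_patch(count, hits, day):
    """'Create Work Item' step body: Azure DevOps work-item creation takes a JSON Patch list."""
    lines = [f"{h['_source'].get('@timestamp', '?')} {h['_source'].get('message', '')}" for h in hits]
    return [
        {"op": "add", "path": "/fields/System.Title", "value": f"[ES alerts] {count} alert(s) on {day}"},
        {"op": "add", "path": "/fields/System.Description", "value": "<br>".join(lines)},
        {"op": "add", "path": "/fields/System.Tags", "value": "elasticsearch-alert; automated"},
    ]

def azdo_headers(pat):
    """PAT goes in HTTP Basic auth with an empty username; load it from an env var or secret store."""
    token = base64.b64encode(f":{pat}".encode()).decode()
    return {"Authorization": f"Basic {token}", "Content-Type": "application/json-patch+json"}

def run(es_response, day):
    """Branch as the workflow does: alerts present -> work-item body, none -> no-op (None)."""
    n = alert_count(es_response)
    return work_item_patch(n, es_response["hits"]["hits"], day) if n > 0 else None

# Constructed sample _search response (ES 8 shape) so the script runs offline
SAMPLE_ES_RESPONSE = {"hits": {"total": {"value": 2, "relation": "eq"}, "hits": [
    {"_source": {"@timestamp": "2024-05-01T03:12:00Z", "message": "disk usage 95% on web-01"}},
    {"_source": {"@timestamp": "2024-05-01T02:40:00Z", "message": "5xx error rate above threshold"}},
]}}

if __name__ == "__main__":
    # Live use: POST alert_query() to {ES_URL}/{index}/_search, then POST run(...) with azdo_headers(PAT)
    # to https://dev.azure.com/{org}/{project}/_apis/wit/workitems/$Task?api-version=7.0
    print(json.dumps(run(SAMPLE_ES_RESPONSE, "2024-05-01"), indent=2))
```

Because the trigger fires daily, a persisting alert produces a new work item each day; keying the title on the date (as above) makes those duplicates easy to spot in Azure DevOps.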
Involved Systems or Services
- Elasticsearch: Used for storing and querying monitoring alert data.
- Azure DevOps: Used for creating and managing work items to support subsequent alert handling.
- Cron Scheduled Trigger: Enables automatic daily execution.
Target Users and Value
This workflow is suitable for operations engineers, SRE teams, development managers, and project management personnel. It facilitates automated management of alert events, streamlines alert response processes, and enhances team efficiency and emergency handling capabilities. By automatically creating work items, it ensures every alert is tracked and resolved, significantly reducing the risk of issues being overlooked due to human error.