-
|
Hello! I have an idea of creating an alert and would like the support of someone who understands, in elastic I have several indexes of extreme importance that receive logs at all times, and I would like to create an alert that alerts me when any of this index stops receiving logs, for example: the rule would monitor all these indexes and when one was not receiving logs for X time it would send an alert containing which index is not receiving logs. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
Yes, ElastAlert 2 supports this via the |
Beta Was this translation helpful? Give feedback.
-
|
oh thanks!, I took a look at the flatline, but in this method the alert will send the name of the index that stopped sending logs?
and the alert should send the name of the index that is not receiving log. |
Beta Was this translation helpful? Give feedback.
-
|
You will need to create one rule per index. |
Beta Was this translation helpful? Give feedback.
Yes, ElastAlert 2 supports this via the
flatlinerules. See the docs for more information.