Hi,
I've been trying to set up an alert which monitors the percentage of error logs (out of the total logs). I have been using the ratio threshold option but I get the alert triggered also for a single error log line (when there are no other log lines in the relevant time period) which produces a percentage of 100%. Is there a way to add a condition on the sample size?
Hi @Itamar_Carmel, thanks for reaching out.
I believe you are trying to setup a Log threshold rule with ratio threshold. At the moment, it is not possible to apply count threshold or sample size on the ratio threshold. However, we do think it could be a useful feature and we are looking into supporting this in the future.
Hi,
Any news regarding the applying of a count on a ratio threshold feature?
Hi @Itamar_Carmel ,
You can track status of this feature here: [Log Threshold Rule] Add Minimum total docs as advanced setting for Ratio alerts · Issue #146703 · elastic/kibana · GitHub.