Hello team,
I am trying to create a new rule in Kibana for CPU utilization of more than 80%. I am monitoring 3 hosts in my community version of Kibana.
When it meets the threshold criteria, I am creating an index and the data is getting ingested into the new index and into the alert index, with default fields only, like rule.name, alert.uuid, etc.
I need to add custom fields like host.name and host.ip.
If I am not wrong, from the scenario you mentioned, you would be using the Inventory Threshold or Metric Threshold rule. As per my knowledge, for these rules we don't have an option to directly add fields from indices.
The other way around is to use "Group alerts by (optional)". This option is present for the Metric Threshold rule. In your scenario you can use host.ip.
The alerts will come specifically for each IP, and you can use "context.group" or "alert.id" to get the value.
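As an added example (not code from the original thread, and not Elastic's own), the grouped rule suggested above created through the Kibana alerting API from a POSIX shell. Everything beyond the page's own "Group alerts by" host.ip, context.group and alert.id is an assumption: the rule type id metrics.alert.threshold, the consumer and action group names, the Metricbeat metric system.cpu.total.norm.pct (a 0..1 fraction, so 80% is 0.8), the context.reason action variable, and the KIBANA_URL, KIBANA_AUTH and CONNECTOR_ID environment variables.

```shell
#!/bin/sh
# Added example, not from the original thread: create a Metric Threshold rule
# through the Kibana alerting API, grouped by host.ip, so each alert is raised
# per host and the action message carries the IP via {{context.group}} / {{alert.id}}.
# Assumptions (not on the page): rule type id, consumer, action group, the
# Metricbeat CPU metric name, the context.reason variable, and the env variables
# KIBANA_URL, KIBANA_AUTH (user:password) and CONNECTOR_ID.

# Print the JSON body for the rule. Metric and threshold values are illustrative.
metric_threshold_rule_body() {
  cat <<EOF
{
  "name": "CPU above 80 percent per host",
  "rule_type_id": "metrics.alert.threshold",
  "consumer": "infrastructure",
  "schedule": { "interval": "1m" },
  "params": {
    "criteria": [
      {
        "aggType": "avg",
        "metric": "system.cpu.total.norm.pct",
        "comparator": ">",
        "threshold": [0.8],
        "timeSize": 5,
        "timeUnit": "m"
      }
    ],
    "groupBy": ["host.ip"],
    "sourceId": "default",
    "alertOnNoData": false,
    "alertOnGroupDisappear": false
  },
  "actions": [
    {
      "group": "metrics.threshold.fired",
      "id": "${CONNECTOR_ID:-CONNECTOR_ID_PLACEHOLDER}",
      "params": {
        "message": "CPU over 80% on host.ip {{context.group}} (alert id {{alert.id}}): {{context.reason}}"
      }
    }
  ]
}
EOF
}

# POST the rule to Kibana. The kbn-xsrf header is required by the Kibana HTTP API.
create_rule() {
  curl -sS -X POST "${KIBANA_URL:?set KIBANA_URL, e.g. http://localhost:5601}/api/alerting/rule" \
    -u "${KIBANA_AUTH:?set KIBANA_AUTH as user:password}" \
    -H 'kbn-xsrf: true' \
    -H 'Content-Type: application/json' \
    --data-binary "$(metric_threshold_rule_body)"
}

# Stand-alone run: show the body; only talk to Kibana when KIBANA_URL is set.
metric_threshold_rule_body
if [ -n "${KIBANA_URL:-}" ]; then
  create_rule
fi
```

With groupBy set, the rule evaluates the metric once per distinct host.ip and raises a separate alert for each, so the group key is the IP and {{context.group}} resolves to it in the action message; the same value is the alert id. If the alert also needs host.name, list both fields in groupBy and the group key will carry both.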