Alarm for silent log source

KaWa · September 20, 2024, 1:41pm

Hi,

I'd like to create an alarm for every log source that used to log frequently.
How can I do this?

Best regards
Kai

--
Version: 8.15.1

Pedro_Jaramillo · October 1, 2024, 2:28pm

Hi @KaWa, my understanding is that you are trying to get alerted when a data source shows significant drops in average logging volume (please correct me if I'm wrong). Please take a look at the Log Threshold rule type, as it looks like it might meet your needs. This rule type is available through Kibana -> Stack Management -> Rules.

KaWa · October 2, 2024, 7:13am

Thank you, @Pedro_Jaramillo.
I'll have a look.

system · October 30, 2024, 7:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Need Help - Log Source Silent Alarm Elasticsearch	1	617	December 14, 2018
Watcher if log occours Kibana elastic-stack-alerting	3	231	September 16, 2021
Threshold rule to alert when logs stop coming in from a log source Elastic Security elastic-stack-alerting	2	331	November 4, 2022
Creating alerts in Kibana for a specific query Kibana elastic-stack-alerting	5	840	November 1, 2020
Alerts based on increase in logged value, rather than specific threshold Kibana elastic-stack-alerting	3	1109	February 15, 2021

Alarm for silent log source

Related topics