I'd like to be alerted as soon as a message containing the string "ERROR" is logged in our production system. The corresponding Kibana search would be fields.env:production AND message:ERROR.
Based on what I've found online this should be possible to achieve, but I just can't figure out exactly how in the UI. Any and all help would be much appreciated.
I'm using version 6.2.4 hosted by cloud.elastic.co.
Take a look at this https://github.com/elastic/examples/tree/master/Alerting/Sample%20Watches/errors_in_logs
It should be enough to get you started.
Thanks, that didn't only get me started, it got me across the finish line 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.