I try to use Elasticsearch as a second log output storage, to analyze some info in logs. In this case, an alert trigger would be very useful. I read through the docs talking about the percolator and I think this should be the way to make it work. But after some trying, I found that I don't really get how the percolator works. It seems that if I use the REST API to index a document with a percolator already set up, it will return whether that document matches the percolator query or not. For my case, I use Logstash as input, which of course doesn't have this kind of feedback. And a "count" appears to be accessible from REST that I can use to get this kind of "feedback" from the percolator, but I can find it nowhere.

Could someone give me an idea about how I can achieve this kind of feature with Elasticsearch?

I know I can have ways to trigger an alert in Logstash, but for my case Logstash is a temporary tool to input the data; I could possibly not use it in the future.

I also notice that Graylog has a kind of alert. When the input event matches some keywords, the alarm will trigger. I guess it also uses some percolator APIs, but I wish to know how I can do this alone with Elasticsearch only.
Yeah, I have done something with that. For now there is a .percolator in my index mapping. But I failed to interact further with that, which I mean, according to the docs, the percolator should be an "index"? But I cannot find any additional index on my node after I set a percolator query... And also, there is a count API I can use to check how many events are hit by the percolator query; I also cannot make that work...

Can anyone give me an example of how you set up the percolator as an alert or similar?

So here is what my percolator looks like when I get the mapping of the index....
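As an added example (not part of the original thread, and not the poster's own code), this is the shape of a small alerting loop on the Elasticsearch 1.x/2.x percolate API, the API generation whose mapping shows a `.percolator` type. It assumes a node at localhost:9200, an index named `logs` with doc type `event`, and a `message` field; all of these are assumptions. The registered queries live as documents of the special `.percolator` type inside the data index itself, which is why no separate index appears, and matching is per document, so a separate process (not the Logstash indexing path) has to submit each event to `_percolate` to learn which alert queries it hit.

```python
import json
import urllib.request

# Assumed endpoint and index layout (hypothetical; adjust to your cluster).
ES_URL = "http://localhost:9200"
INDEX = "logs"
DOC_TYPE = "event"


def build_alert_query(field, keywords):
    """Percolator query body: any one of `keywords` in `field` counts as a hit."""
    return {
        "query": {
            "bool": {
                "should": [{"match": {field: kw}} for kw in keywords],
                "minimum_should_match": 1,
            }
        }
    }


def request(method, path, body=None):
    """Minimal JSON round-trip to Elasticsearch over HTTP."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(ES_URL + path, data=data, method=method,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def register_alert(alert_id, field, keywords):
    """Store the alert as a query document under the .percolator type of INDEX."""
    return request("PUT", "/%s/.percolator/%s" % (INDEX, alert_id),
                   build_alert_query(field, keywords))


def percolate(event):
    """Submit one event; the response lists the ids of the queries it matched."""
    return request("POST", "/%s/%s/_percolate" % (INDEX, DOC_TYPE), {"doc": event})


def percolate_count(event):
    """Same check, but only the number of matching queries ("total")."""
    return request("POST", "/%s/%s/_percolate/count" % (INDEX, DOC_TYPE), {"doc": event})


def matched_alert_ids(percolate_response):
    """Ids of the percolator queries that matched, from a _percolate response."""
    return sorted(m["_id"] for m in percolate_response.get("matches", []))


def should_alert(percolate_response):
    """True when at least one registered alert query matched the event."""
    return percolate_response.get("total", 0) > 0
```

A shipper (Logstash or anything else) keeps indexing into `logs` as before; the alerting process calls `register_alert("auth-failures", "message", ["denied", "invalid"])` once, then `should_alert(percolate(event))` for each event it wants checked.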