Alert on non-reporting beats

How can I set up an alert for a non-reporting beat? In other/specific words, I need to know, ideally through Kibana, when any of the beats stops sending data. I know I can set up monitoring on the data received, but here I want to know as soon as I stop receiving data.

I'm thinking you could create a query that checks for the documents from the Beat. And if the query does return 0 results for the last minute, you trigger an alert.

I'll soon have over 1000 beats. So I can't really write a query for every beat, and if I write a single query, I wouldn't know which beat stopped responding, right?

What I have settled for now is to enable the HTTP Endpoint on the beats. I then use Heartbeat to check the port. It of course doesn't tell me that the beats are surely sending metrics, but just that they're running.

@ruflin - Please can you comment on my approach? Also, is it possible for me to write a query to list all reporting beats every 30 minutes, and highlight what is missing compared to the earlier list?

@Sanjeev, one idea: you could perform a terms aggregation aggregating one bucket per beat, and check that against a list of expected beats. Would that solve your problem? You must have a master list of beats somewhere that you expect to exist, right?
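
The terms-aggregation check suggested in the last reply, as an added example that is not part of the original thread: one search body that returns a bucket per beat seen in the last 30 minutes, and a diff of those buckets against the master list. The field name `agent.name` (older Beats versions use `beat.name`), the host names and the sample response are assumptions constructed for illustration.

```python
from __future__ import annotations
from typing import Iterable

BEAT_FIELD = "agent.name"  # assumption: ECS field; older Beats use "beat.name"

def build_query(window: str = "now-30m", max_beats: int = 2000) -> dict:
    """Search body: one bucket per beat that indexed a document in the window.

    The terms aggregation defaults to 10 buckets, so size must exceed the fleet size.
    """
    return {
        "size": 0,  # only the aggregation is needed, not the hits
        "query": {"range": {"@timestamp": {"gte": window}}},
        "aggs": {"reporting": {"terms": {"field": BEAT_FIELD, "size": max_beats}}},
    }

def _reporting(response: dict) -> set[str]:
    agg = response["aggregations"]["reporting"]
    # A non-zero remainder means buckets were cut off, which would make
    # healthy beats look silent. Fail loudly instead of alerting wrongly.
    if agg.get("sum_other_doc_count", 0) > 0:
        raise ValueError("terms aggregation truncated; raise max_beats")
    return {bucket["key"] for bucket in agg["buckets"]}

def silent_beats(expected: Iterable[str], response: dict) -> list[str]:
    """Beats on the master list with no documents in the window."""
    return sorted(set(expected) - _reporting(response))

def unknown_beats(expected: Iterable[str], response: dict) -> list[str]:
    """Beats that report but are missing from the master list."""
    return sorted(_reporting(response) - set(expected))

# Constructed master list and constructed Elasticsearch response.
EXPECTED = ["web-01", "web-02", "web-03", "db-01"]
SAMPLE_RESPONSE = {
    "aggregations": {"reporting": {
        "sum_other_doc_count": 0,
        "buckets": [
            {"key": "web-01", "doc_count": 180},
            {"key": "web-02", "doc_count": 175},
            {"key": "db-01", "doc_count": 90},
            {"key": "lab-07", "doc_count": 12},
        ],
    }}
}

if __name__ == "__main__":
    print("silent:", silent_beats(EXPECTED, SAMPLE_RESPONSE))
    print("unknown:", unknown_beats(EXPECTED, SAMPLE_RESPONSE))
```
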
