I would like to detect when a number of shards per index passes some threshold.
I use Metricbeat with Elasticsearch module to retrieve metrics data from indices and ElastAlert to send alerts when some number of shards per index is detected.
At first, I thought I could somehow use the _stats API or _settings endpoint in order to access the number of shards per index and run ElastAlert on this number. However, as far as I know, ElastAlert scans only the _doc section of indices, and not _stats or _settings .
As written in the docs of Elasticsearch module of Metricbeat, there is a elasticsearch.cluster.stats.indices.shards.count field which lists the number of shards for the whole cluster :
elasticsearch.cluster.stats.indices.shards.count
type: longTotal number of shards in cluster.
I wonder if there is something similar to that but for each index ? If not, what are the possible workarounds?