Greetings,
Is there a way to be alerted when a set of hosts that were sending logs suddenly stop?
The ideal scenario would be to be automatically alerted (by email, or a visual alert in Kibana) when this happens. It is important for me to know when there are gaps in log reception.
Currently testing with a local installation of ELK 7.6
Thanks in advance
You can do an alert on "Count" of docs for the last interval (whatever interval you need). Let's say you have 100 log events per 10 minutes, you can put an alert for when the count goes lower than that over the last 10 minutes.
Thanks @Marius_Dragomir for the reply!
You can do an alert on "Count" of docs for the last interval
That's using Watcher right?
Also, is there a way to "query" or "flag" for doc count = 0 when building a TSVB visualization?
Thanks!
That is with watcher/ alerting(in newer versions of kibana, more user friendly 
)
Other than displaying them as 0 there's nothing else you could do in TSVB.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.