Hello and thanks in advance.
I have a group of 100+ hosts with winlogbeat installed and sending events to elasticsearch cluster.
Is there any options to generate an alert (on security or any other page) when one or group of hosts stop sending events to elasticsearch within a given period of time?
@stephenb still not sure how to trigger an alert only if a group of several hosts (5 out of 100) stop sending events.
When you use the group buy / grouped over function that looks at each host separately. So all 100 hosts will be analyzed individually.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.