Hello,
How can I alert based on conditions across a variety of different data sources.
For example, I want to be alert if log.level: error x 3 from logs-* AND system.filesystem.used.pct >= 80% from metrics-*
Thanks,
Do you want to specify both the condition in one alert?
yes!
By correlating data between sources would allow to pinpoint the root cause of an alert.