Alerting based on the keyword in logs

v_anil · January 6, 2021, 8:24am

Hi ,

Is there anyway we can configure an alert based on the keyword in the logs, and alert them if we found more than threshould.

for ex: If the logs contain "Exception or ERROR" more than 10 times in last 2 min , i want to send an alert with the pod name and the logs message.

Currently i am using kibana 6.8 , but yeah i know the current version is not supporting the alerts. I just wanted to make sure the above alert is possible to setup. If yes then i will upgrade the elasticsearch and kibana.

Can someone please suggest whether it is possible or not..? if yes is there any doc that i can follow..?

borna_talebi · January 6, 2021, 9:36am

Hi,
I think you can use the Threshold rule for your scenario.

Kerry · January 6, 2021, 10:35am

Hi,

If you were to upgrade you’d be able to use a Log threshold alert for this functionality.

v_anil · January 6, 2021, 5:16pm

@borna_talebi and @Kerry thanks for your valuable options.

Log threshold worked.

system · February 3, 2021, 5:16pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana Alerting Kibana	5	521	July 28, 2020
Kibana alert Kibana elastic-stack-alerting	1	246	December 22, 2022
Alerts based on increase in logged value, rather than specific threshold Kibana elastic-stack-alerting	3	1109	February 15, 2021
Alert based on content of message Elasticsearch	3	1142	September 12, 2018
Kibana alerting: log threshold using OR Kibana elastic-stack-alerting	2	628	July 7, 2021

Alerting based on the keyword in logs

Related topics