We are using X-Pack Alerting to send notifications based on the health of some machines. We would also like to send notifications when a system is back up again after we have sent a notification. So there should be one notification when the machine goes down and also one when the machine goes up again, but only if there has been a notification sent on the machine going down.
We do have the data available in our monitoring index (custom data, not aggregated by X-Pack Monitoring), but I am not sure about the best way to check on the last execution state. I know I can query the history index for the last execution, but I am not sure how to combine that with the monitoring data. I think for my case it would be nice to be able to have multiple search inputs (one for the monitoring data, one for the watch history) and one condition for each. The same should also be possible using two bool should clauses, but that seems to be really ugly. Is there a way to achieve something like this? I am a bit surprised that there is no example for this.