Alerting Feature

Coyz · April 22, 2021, 3:38pm

Hi,

I would like to alert by mail when a specific term appeared on a index.

Example for windows event log

I don't think it's possible right now ? Is there any plan to support that features ?

Thanks

Felix_Roessel · April 22, 2021, 5:07pm

It is possible using the Log threshold alert type. But to send a Mail you need to Switch to a gold license First

Coyz · April 23, 2021, 9:36am

You are right, i need first to change the index in Observability => Log => Settings

I put ecs-* on index settings, so i cannot specify and specific index for an alert log ?

I have a lot of index type behind ecs-, i'm affraid it can affect elasticsearch performance

Thanks

Felix_Roessel · April 23, 2021, 10:06am

Using index threshold you can configure the index directly in the alert.

Coyz · April 23, 2021, 11:45am

I'm in 7.11.1 so Index threshold don't look what i need (send an alert for a specific event).

But it in 7.12 there is a new feature called "Elasticsearch query alert" What’s new in 7.12 | Kibana Guide [7.12] | Elastic and it's look like this feature matches my needs

Thanks for your help!

Topic		Replies	Views
Kibana alert on index threshold Kibana	8	1451	April 23, 2021
【Please share info】Plugins and OSS for implementing alert functions in kibana (elasticsearch) version 7 series Kibana elastic-stack-alerting	1	261	May 1, 2023
Send email alerts if log level == ERROR in more than one index Kibana elastic-stack-alerting	6	3209	November 7, 2021
Create a new index to store alerts Elasticsearch elastic-stack-alerting	9	1361	September 2, 2020
Elasticsearch mail Alerts via index Connector Elasticsearch elastic-stack-alerting	6	604	May 2, 2023