Alerting - Filter Query not working

erikg · November 15, 2024, 3:20pm

Hello,
I was testing out the Metric Threshold to alert on disk usage.
I want to exclude some hosts from the alert, but I seem to get this error

stephenb · November 15, 2024, 3:40pm

Hi @erikg

I see the same thing on 8.15.3 (what version are you on?) it is trying to tell you it does not like that filter I am not sure why that does not work

But I solved it by just using the KQL syntax in the KQL bar right there in this form

not host.name : (hostname-1 or hostname-2)

erikg · November 15, 2024, 3:44pm

Hey @stephenb
Yes, same I am on 8.15.3

Thanks for the workaround, I kind of hate writing in KQL syntax in the KQL bar because if I want to continue to exclude hosts, it will be an endless string

stephenb · November 15, 2024, 3:59pm

Perhaps you could consider some tagging mechanism on the hosts to exclude a group of hosts.

The filter button creates a long string in code under the covers as well .... not sure why the filter does not work, you could open an Issue against the Kibana repo.

Topic		Replies	Views
Need help with creating Kibana Alert Elasticsearch elastic-stack-alerting , elastic-stack-sql	9	1532	May 17, 2021
Unable to setup an alert on log data not received from host for last 1 hour Elastic Observability elastic-stack-alerting	3	1177	November 4, 2022
Problem with threshold alert and index connector Kibana elastic-stack-alerting	6	201	May 4, 2024
Using kibana alerting with filters Kibana elastic-stack-alerting	2	1463	February 2, 2021
Alerting Issue - Can't Save Rule after turning off Match Query Kibana elastic-stack-alerting	0	11	August 13, 2024

Alerting - Filter Query not working

Related topics