Alerting in Filebeat?

neilp · October 11, 2019, 9:17pm

Hi everyone,

I was wondering if there is a configuration option in Filebeat to do alerting when it is about to send a log over to logstash?

Thanks,
Neil

spinscale · October 14, 2019, 10:07am

Hey,

can you clarify what you would like to do trigger with this alert? If this is about triggering based on data being read, than the regular alerting feature looks like what you need. See https://www.elastic.co/what-is/elasticsearch-alerting and https://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-getting-started.html

--Alex

neilp · October 14, 2019, 6:24pm

Hi Alex,

I have made the following change filebeat.yml:
"include_lines: ['WARNING']".

And the goal was to alert an when filebeat finds a log containing this error and not have to specify an index, source or regex again etc.

Could I send the logs from this specific filebeat instance to a new index and make watcher alerts to watch only that index?

Thanks
Neil

system · November 11, 2019, 6:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Alerting on Filebeat Beats elastic-stack-alerting , filebeat	4	605	May 30, 2019
Alerting on no log entires Logstash	2	832	February 26, 2020
Monitor/alert beats dropped events Beats filebeat , metricbeat	9	1332	November 4, 2022
Alerts for errors in internal elasticsearch/logstash log files Elasticsearch	2	500	December 26, 2018
Can filebeat alert if the log file is not updated or no fresh logs? Beats filebeat	3	891	March 1, 2018