Alerting in Filebeat?

Hi everyone,

I was wondering if there is a configuration option in Filebeat to do alerting when it is about to send a log over to Logstash?

Thanks,
Neil

Hey,

Can you clarify what you would like to trigger with this alert? If this is about triggering based on data being read, then the regular alerting feature looks like what you need. See https://www.elastic.co/what-is/elasticsearch-alerting and https://www.elastic.co/guide/en/elasticsearch/reference/current/watcher-getting-started.html

--Alex

Hi Alex,

I have made the following change to filebeat.yml:
"include_lines: ['WARNING']".

And the goal was to alert when Filebeat finds a log containing this error and not have to specify an index, source or regex again, etc.

Could I send the logs from this specific Filebeat instance to a new index and make Watcher alerts to watch only that index?

Thanks
Neil