Alerting on documents with 2 conditions

Chris_Meyer · December 27, 2018, 4:04pm

Thanks for the reply Igor! I think that is exactly what I'm looking for, I'm just running into syntax errors now.

"bool" : {
          "must" : [{
            "match": {
               "event_id": 4776
            }
          }], { **<--- Marked as bad string**
            "match": {
               "keyword": "Audit Failure"
            }
          }]          
}

I'll keep troubleshooting, I'm sure its a JSON syntax error somewhere.

Topic		Replies	Views
Setup Elastic Watcher Alert to match two message strings in a log Elasticsearch elastic-stack-alerting	4	570	April 3, 2023
Watcher Kibana : How can i use double condition in a "compare" Elasticsearch elastic-stack-alerting	7	6241	April 4, 2019
Watchers: querying for multiple strings in timeframe Elasticsearch elastic-stack-alerting	2	1025	August 20, 2020
Watcher alert for matching multiple fields in same index Kibana elastic-stack-alerting	3	1036	June 29, 2021
What should i do to trigger a watch only when condition matches to a certain requirement Elasticsearch elastic-stack-alerting	7	644	June 6, 2018

Alerting on documents with 2 conditions

Related topics