Alerts issue

tapiojaa · September 26, 2024, 12:11pm

I'm trying to configure an alert that when certain word is found, email is sent. Email connector is configured and test email works. My rule looks like this:

{
    "query":{
      "match" : {
        "message": "client unexpectedly closed TCP connection"
      }
    }
  }

When I click "Test query" button, it will find documents
"Query matched 258 documents in the last 3h."

I've scheduled to run query every 5 minutes.

Action is to use Email connector.
Action frequency: For each alert = On check intervals
Run when: Query matched
If alert matches a query option is selected. I wonder what "a customer query is required" warning means! Custom query is defined earlier!!

Then there is email address, subject and message

I can see that rule runs fine, but ít doesn't generate any alerts

stephenb · September 26, 2024, 10:20pm

Hi @tapiojaa

I think you need to share the version you are on then the complete configuration of the alert including the query and screen shots of the configuration and where you are the error.

There is not enough detail for us to help.

tapiojaa · September 27, 2024, 11:55am

Hi, I figured out what was the issue. Threshold values were too big

Topic		Replies	Views
Alerts and Actions - Connectors Kibana	2	459	June 27, 2020
Kibana alerting message with query results Kibana	7	2742	March 18, 2021
Alerting Issue - Can't Save Rule after turning off Match Query Kibana elastic-stack-alerting	0	11	August 13, 2024
Alerting with mail Kibana elastic-stack-alerting	3	273	May 16, 2023
I want to configure threshold alert if totaltime exceeds 500 then mail should sent to the User Elasticsearch elastic-stack-reporting , elastic-stack-alerting	8	822	October 9, 2020

Alerts issue

Related topics