Alerts issue

tapiojaa · September 26, 2024, 12:11pm

I'm trying to configure an alert that when certain word is found, email is sent. Email connector is configured and test email works. My rule looks like this:

{
    "query":{
      "match" : {
        "message": "client unexpectedly closed TCP connection"
      }
    }
  }

When I click "Test query" button, it will find documents
"Query matched 258 documents in the last 3h."

I've scheduled to run query every 5 minutes.

Action is to use Email connector.
Action frequency: For each alert = On check intervals
Run when: Query matched
If alert matches a query option is selected. I wonder what "a customer query is required" warning means! Custom query is defined earlier!!

Then there is email address, subject and message

I can see that rule runs fine, but ít doesn't generate any alerts

stephenb · September 26, 2024, 10:20pm

Hi @tapiojaa

I think you need to share the version you are on then the complete configuration of the alert including the query and screen shots of the configuration and where you are the error.

There is not enough detail for us to help.

tapiojaa · September 27, 2024, 11:55am

Hi, I figured out what was the issue. Threshold values were too big

Topic		Replies	Views
Kibana alerting message with query results Kibana	7	2715	March 18, 2021
Alerting Issue - Can't Save Rule after turning off Match Query Kibana elastic-stack-alerting	0	10	August 13, 2024
Alerting with mail Kibana elastic-stack-alerting	3	273	May 16, 2023
How to create email alerts in kibana Elasticsearch	12	4333	August 15, 2023
Alert and connect mail format error SIEM	10	1007	April 30, 2021

Alerts issue

Related Topics