We would like to alert when there is a heartbeat missing in our logs and we would like to create a visualization for the status of our connections. We know a heartbeat is successful when we log a string in our logs. There are multiple heartbeats spread across multiple log files. We have not created a predetermined list of connections and nor do we have a map for our log file naming conventions. We would expect one connection per log file.
The strings within a log file are:
35=A is a login
35=5 is a logout
35=0 is a heartbeat.
What's the general approach we can take for this type of monitoring? I'm comfortable enough with the Query DSL, Visual Builder, and Watcher but have yet to figure out how to visualize or alert when there is an absence of something for a time series.
If you expect a heartbeat every (eg) 1 minutes, then you can simply check the last 90 seconds (just to give you a bit of room) and if there's nothing found generate an alert?
The challenge is that I'm not sure whether there's a way to get current values to compare whether one is missing. Or if I need a whiteliist, I'm not sure how to visualize missing data.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.