Hi all,
The log pipeline for our Linux systems is:
rsyslog => logstash => elasticsearch
We want to put something in place that would alert us if logs from any of our approximately 5000 hosts are not being indexed in Elasticsearch. I would imagine this is a fairly common need so was wondering if there are any best practices for this?
We have a Platinum on-premises licence FWIW.
Many thanks.
Definitely reach out to your Support Engineer about this one then 
You can setup an ML job to let you know if there is an unusual drop in logs from any given host, and then send you an Alert.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.