Can Watcher do this (Dynamic threshold)

MalfuncEddie · February 14, 2019, 12:48pm

Hi,

I'm looking to use a watcher that does the following:
Compare the error/succes rate of the last 5 minutes to the last 10 minutes. if there is a drop or spike an action is fired. (based on https://www.elastic.co/videos/watcher-lab-creating-alerts-with-dynamic-threshold)

I've got an index that is populated with Apache logs.
I want to know if the percentage of 4xx response codes spikes during the day.
Does anyone have an example that can get me started? The video puts me on the right track but I am stuck.

Any help would be appreciated

spinscale · February 15, 2019, 9:00am

The most important thing is to get the two aggregations right. The shard video contains those aggregations/sample queries. Is there any issue with those with your dataset that you cannot reuse them? Maybe you share your example based on that and we work from there?

--Alex

system · March 15, 2019, 9:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Using Anomaly Detection in Watcher Threshold Setting Elasticsearch	1	91	May 6, 2024
Spike detection in elasticsearch Elasticsearch elastic-stack-alerting	5	3693	July 6, 2017
Watcher Alert Condition Elasticsearch elastic-stack-monitoring , elastic-stack-alerting	4	392	August 18, 2020
Elasticsearch indexes - watcher notifications Elasticsearch elastic-stack-alerting	9	1574	September 15, 2017
New to Watcher and trying to find examples Elasticsearch elastic-stack-alerting	3	503	June 28, 2018

Can Watcher do this (Dynamic threshold)

Related topics