Can Watcher do this (Dynamic threshold)

MalfuncEddie · February 14, 2019, 12:48pm

Hi,

I'm looking to use a watcher that does the following:
Compare the error/succes rate of the last 5 minutes to the last 10 minutes. if there is a drop or spike an action is fired. (based on https://www.elastic.co/videos/watcher-lab-creating-alerts-with-dynamic-threshold)

I've got an index that is populated with Apache logs.
I want to know if the percentage of 4xx response codes spikes during the day.
Does anyone have an example that can get me started? The video puts me on the right track but I am stuck.

Any help would be appreciated

spinscale · February 15, 2019, 9:00am

The most important thing is to get the two aggregations right. The shard video contains those aggregations/sample queries. Is there any issue with those with your dataset that you cannot reuse them? Maybe you share your example based on that and we work from there?

--Alex

system · March 15, 2019, 9:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.