Hello,
I am pretty new using Watcher. I saw some examples but I couldn't find what I wanted.
I have query like:
layers.arp.arp_arp_src_hw_mac:"00:b6:44:11:3a:61" or _index
I want to generate an alarm every time this mac is plugged into a query.What like condition should I write?
Have a nice day.
It sounds like you're trying to create an alert based on queries that are being sent to Elasticsearch- I'm not sure that kind of trigger is supported.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.