Continuous Alerting without rules

Good evening, everyone.

So I just enabled alert rules and connectors to send {{context.reason}} in Elasticsearch 8.4.
Since we know an alert only triggers when the requirements are met, is there any way I could send a notification/alert continuously via email/Teams/webhook?

For example, I want the alert to be sent to a webhook every 5 seconds about CPU usage.
The second question would be: do I need to use an alert or a watcher?

Thanks!

Hello, Ju Ha, thanks for writing in.

If you need the data sent outside of Elastic and have it ingested already, a Rule that has the notify 'on a schedule' option set would work to run every 5 seconds, and if you set the parameters of the action trigger so low (greater than or equal to zero) that it always triggers an alert (this depends on the index used in your query), then it should send a notification out approximately every 5 seconds.
In the next release this will be even easier, as we have exposed a setting to stop filtering out existing documents from the threshold query. If it proves painful in 8.4, perhaps the imminent release of 8.5 will help (that new setting).

To your question, I recommend trying Rules for this, as Watcher (while fairly powerful) was challenging for some to set up and is basically in a 'maintenance' mode where it isn't being developed with new features, etc. However, if you wanted to try it out, you are welcome to.

Regards,
Eric
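The rule Eric describes, written out as a Kibana alerting API request body (an added example, not code from the thread or from Elastic): an index threshold rule whose condition is "average CPU >= 0", so it is active whenever the index has data in the window, combined with notify-on-a-schedule so the webhook connector fires once per interval. The Kibana URL, the `metricbeat-*` index, the `system.cpu.total.pct` field and the connector id are assumptions or placeholders. Note that the index threshold rule exposes `context.message` and `context.value`, not `context.reason` (which belongs to the Observability metric threshold rule), so the webhook body below uses those.

```python
import json
import urllib.request

KIBANA_URL = "http://localhost:5601"      # assumption: a local Kibana instance
CONNECTOR_ID = "<webhook-connector-id>"  # placeholder: id of an existing .webhook connector


def build_always_on_cpu_rule(connector_id: str,
                             index: str = "metricbeat-*",          # assumption
                             field: str = "system.cpu.total.pct",  # assumption
                             interval: str = "5s") -> dict:
    """Body for POST /api/alerting/rule.

    thresholdComparator '>=' with threshold [0] is satisfied by every
    non-empty bucket, so the alert is active on every run that sees data.
    notify_when=onThrottleInterval with throttle=interval then fires the
    action once per interval instead of only when the alert first appears.
    If the index has no documents in the window, no bucket is produced and
    nothing fires (Eric's "depends on the index used in your query").
    """
    return {
        "name": "cpu-usage-heartbeat",
        "rule_type_id": ".index-threshold",
        "consumer": "alerts",
        "schedule": {"interval": interval},
        "notify_when": "onThrottleInterval",
        "throttle": interval,
        "params": {
            "index": [index],
            "timeField": "@timestamp",
            "aggType": "avg",
            "aggField": field,
            "groupBy": "all",
            "thresholdComparator": ">=",
            "threshold": [0],
            "timeWindowSize": 1,
            "timeWindowUnit": "m",
        },
        "actions": [
            {
                "group": "threshold met",  # action group id of the index threshold rule
                "id": connector_id,
                "params": {
                    # Webhook connector takes a single 'body' string; mustache
                    # variables are rendered by Kibana when the action runs.
                    "body": json.dumps({
                        "message": "{{context.message}}",
                        "value": "{{context.value}}",
                    })
                },
            }
        ],
    }


def condition_is_unconditional(params: dict) -> bool:
    """True when the threshold condition cannot be false for a non-negative
    metric such as a CPU percentage: '>=' against a threshold of 0 or less."""
    comparator = params.get("thresholdComparator")
    threshold = params.get("threshold") or []
    return comparator == ">=" and len(threshold) == 1 and threshold[0] <= 0


def submit_rule(body: dict, kibana_url: str = KIBANA_URL,
                auth_header: str = "ApiKey <base64-api-key>") -> dict:
    """POST the rule to Kibana. kbn-xsrf is required on all Kibana API writes."""
    req = urllib.request.Request(
        f"{kibana_url}/api/alerting/rule",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "kbn-xsrf": "true",
            "Authorization": auth_header,
        },
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    rule = build_always_on_cpu_rule(CONNECTOR_ID)
    print(json.dumps(rule, indent=2))
    # submit_rule(rule)  # uncomment with a real Kibana URL, connector id and API key
```

A 5-second schedule is below Kibana's default minimum rule interval of one minute; in 8.x that minimum only warns unless `xpack.alerting.rules.minimumScheduleInterval.enforce` is set, so check `kibana.yml` before relying on it. Every run also executes the aggregation against the index, so a heartbeat this frequent costs a query every 5 seconds for the life of the rule.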
