Hi,
I am using ES Cloud 7.15.1.
I am getting log data from my website.
Now I want to write an alert for that data,
for example: if status code = 500 and error = xyz, send an email.
I tried using alerts from the Security section, but when I create the rule for my index it does not return any results; it always says 0 hits.
But we have data for that filter in the Discover section.
When I try creating a rule in Security I'm getting the same results as you. I expect a hit on my query but get 0 hits.
We might need more info on your exact rule, but I think there are different options for rules under Security than there are under Stack Management > Rules. You might need to use the rules in this section:
I'll try to figure out why the same test in the Security rules doesn't work, but hopefully this can get you going.
Tip: I did my query in Discover and then used the Inspect menu to look at the request. You really don't need or want the entire request, but it's a starting point if you don't know exactly how to write the query.
Hi @LeeDr,
thanks for your input.
I am able to create the rule and connectors, but now the problem is that my rule only triggers once, when I disable and enable the rule; after that it is not triggering. Please help me with this.
This is my setting:
To avoid this, you should set your window size the same as your "Check every" interval. Currently you are checking every minute for the last 5 days, which means you will run across the same matches in every rule run, but they will be de-duplicated. Can you set your rule to check every minute over the last minute?
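To make the window-versus-interval point above concrete, here is an added example (my own code, not Kibana's implementation or anything from the posters) that models a threshold rule run on a schedule over a small set of constructed log documents. It assumes a simplified de-duplication by document `_id` and a rule that matches `status == 500` and `error == "xyz"`; the real Kibana alerting logic differs in detail, but the effect of an overlapping lookback is the same: with "check every 1 minute" over "last 5 days", every matching document falls into every run's window, so only the first run after enabling produces new matches, whereas with a 1-minute window each document falls into exactly one run.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample documents (not real log data). T0 is the moment the rule is enabled.
T0 = datetime(2021, 11, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_DOCS = [
    {"_id": "a1", "@timestamp": T0 - timedelta(days=2), "status": 500, "error": "xyz"},
    {"_id": "a2", "@timestamp": T0 - timedelta(hours=3), "status": 500, "error": "xyz"},
    {"_id": "a3", "@timestamp": T0 - timedelta(seconds=30), "status": 500, "error": "xyz"},
    {"_id": "a4", "@timestamp": T0 - timedelta(seconds=10), "status": 404, "error": "none"},
]


def rule_query(lookback: timedelta) -> dict:
    """Elasticsearch query DSL for the rule body: status 500 AND error xyz within the lookback window.
    Field names (status, error, @timestamp) are assumptions about the poster's index mapping."""
    seconds = int(lookback.total_seconds())
    return {
        "query": {
            "bool": {
                "filter": [
                    {"term": {"status": 500}},
                    {"term": {"error": "xyz"}},
                    {"range": {"@timestamp": {"gte": f"now-{seconds}s", "lt": "now"}}},
                ]
            }
        }
    }


def query_window(docs, now, lookback):
    """Local stand-in for running rule_query(): matching docs with timestamp in [now - lookback, now)."""
    start = now - lookback
    return [
        d for d in docs
        if d["status"] == 500 and d["error"] == "xyz" and start <= d["@timestamp"] < now
    ]


def run_rule(docs, now, lookback, seen_ids):
    """One scheduled execution. Hits already alerted on (by _id) are suppressed; returns new alert ids."""
    hits = query_window(docs, now, lookback)
    new = [d["_id"] for d in hits if d["_id"] not in seen_ids]
    seen_ids.update(new)
    return new


def simulate(docs, lookback, interval, runs, new_doc_at=None):
    """Run the rule `runs` times, `interval` apart, starting at T0. Optionally inject one fresh matching
    document just before run index `new_doc_at`. Returns the number of new alerts per run."""
    seen = set()
    docs = list(docs)
    counts = []
    for i in range(runs):
        now = T0 + i * interval
        if new_doc_at is not None and i == new_doc_at:
            docs.append({"_id": f"fresh{i}", "@timestamp": now - timedelta(seconds=5),
                         "status": 500, "error": "xyz"})
        counts.append(len(run_rule(docs, now, lookback, seen)))
    return counts


def windows_containing(doc_ts, lookback, interval, runs):
    """How many of the scheduled run windows include a document with this timestamp."""
    return sum(1 for i in range(runs)
               if T0 + i * interval - lookback <= doc_ts < T0 + i * interval)


if __name__ == "__main__":
    minute = timedelta(minutes=1)
    # Overlapping windows: the poster's setting (every minute, last 5 days).
    print("5d window / 1m interval:", simulate(SAMPLE_DOCS, timedelta(days=5), minute, 5, new_doc_at=3))
    # Contiguous windows: the suggested fix (every minute, last minute).
    print("1m window / 1m interval:", simulate(SAMPLE_DOCS, minute, minute, 5, new_doc_at=3))
    print("runs whose window contains a3 (5d):", windows_containing(SAMPLE_DOCS[2]["@timestamp"], timedelta(days=5), minute, 5))
    print("runs whose window contains a3 (1m):", windows_containing(SAMPLE_DOCS[2]["@timestamp"], minute, minute, 5))
```

With the 5-day lookback the first run after enabling reports three matches and every later run sees the same three documents again, so it only has something new to report when a fresh document arrives; the same fresh document is also caught by the 1-minute window, which shows that shrinking the window to the check interval loses no events, it only stops every run from re-reading days of old data.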