Hello, I hope this is the correct category for my question, and I wonder if this is even realisable in Elastic.
I want to create a custom visualisation for monitoring our interfaces as follows:
With Filebeat I read the .log files, and in case there is a special keyword (i.e. Error) inside the logs, the visualisation will turn red and a mail will also be sent. Once the log files are archived and the interface is restarted, this will turn green again. Currently we use Icinga to monitor in the same way. Of course, if you have a better way, I am open-minded.
@mralladin have you checked Elastic Observability? In the Logs application, you can set up Alerts based on different conditions, triggering different types of actions including sending emails.
[Screenshot: an alert taking data from Packetbeat to send an email if there are any DNS requests to mail.google.com over the last five minutes, checking every minute]
If you want to create your own visualization I guess you can combine Transforms to create an aggregation of the search for your keyword and then create a Dashboard or Canvas that presents the result of that aggregation. The tricky part (that Kibana Alerts handle) is how to handle the "restarting" logic.
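The red/green "restarting" logic discussed above, as an added example that is not part of the original thread and is not Elastic's own code: it turns an interface red on the first Error line, green again on a restart line, and records only the state changes, so one mail goes out per change rather than per log line. The log layout (timestamp, then message), the "interface started" restart marker and the interface names are assumptions.

```python
import re
from typing import Iterable, NamedTuple

# Assumptions (not from the thread): each line is "<ISO timestamp> <message>",
# and a restarted interface logs a line containing "interface started".
ERROR_RE = re.compile(r"\bError\b")
RESTART_RE = re.compile(r"interface started", re.IGNORECASE)

class Transition(NamedTuple):
    interface: str
    timestamp: str
    status: str   # "red" or "green"
    reason: str   # the log message that caused the change

def track_status(events: Iterable[tuple[str, str]]):
    """events: (interface, log line) pairs in time order.
    Returns (final status per interface, list of status changes)."""
    status: dict[str, str] = {}
    transitions: list[Transition] = []
    for interface, line in events:
        ts, _, message = line.partition(" ")
        current = status.setdefault(interface, "green")
        if ERROR_RE.search(message):
            new = "red"
        elif RESTART_RE.search(message):
            new = "green"
        else:
            continue  # ordinary line: status unchanged
        if new != current:  # notify only on a change, not on every Error
            status[interface] = new
            transitions.append(Transition(interface, ts, new, message))
    return status, transitions

# Constructed sample lines, as Filebeat might ship them per interface.
SAMPLE = [
    ("orders", "2024-01-01T10:00:00Z connection established"),
    ("orders", "2024-01-01T10:01:00Z Error: timeout talking to backend"),
    ("orders", "2024-01-01T10:01:30Z Error: timeout talking to backend"),
    ("billing", "2024-01-01T10:02:00Z heartbeat ok"),
    ("orders", "2024-01-01T10:05:00Z interface started"),
    ("billing", "2024-01-01T10:06:00Z Error: malformed record"),
]

if __name__ == "__main__":
    final, changes = track_status(SAMPLE)
    for c in changes:
        print(f"{c.timestamp} {c.interface} -> {c.status} ({c.reason})")
    print(final)
```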