Define Multiple Conditions in an Alert

Is it possible to define multiple conditions in an alert? Based on this documentation (Alerting | Kibana Guide [8.5] | Elastic) it doesn't appear to be. I would like to trigger an alert when 2 conditions are met. I want to query one index in one condition and query another index in another condition. For example, let's say I have one index that receives event logs of when items are processed from a queue. Then I have another index that has metrics of how many items are in the queue. I would like to generate an alert if processing_rate < 1 for the last 5 mins AND queue_count > 100 for the last 5 mins. Is this possible to do in the UI or in the API?

My only thought is using the Elasticsearch query rule type, using an index pattern that uses both indices, and then come up with a query which satisfies your constraints. Both indices would need to use the same time field.

Beyond that, the Metric Threshold rule type may be appropriate, but the Observability rule types expect your indices in a certain shape, so this may not be appropriate.
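As an added illustration of the first suggestion (example code written for this thread, not taken from the original posts or from Elastic), the block below builds the query DSL that an Elasticsearch query rule would run over an index pattern covering both indices, with each condition pinned to its own index through the `_index` meta-field and both indices sharing one time field. It then evaluates the cross-index AND from the question over a few constructed sample hits, so it runs offline. The index names `queue-events-*` and `queue-metrics-*`, the field names, and the timestamps are assumptions.

```python
"""Added example: combined two-index query for an Elasticsearch query rule,
plus a local evaluator of the processing_rate < 1 AND queue_count > 100
condition. Index and field names are assumed, not taken from the thread."""
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase

EVENT_INDEX = "queue-events-*"    # assumed: processing events, field processing_rate
METRIC_INDEX = "queue-metrics-*"  # assumed: queue depth samples, field queue_count
TIME_FIELD = "@timestamp"         # both indices must share this time field
WINDOW = timedelta(minutes=5)
WINDOW_EXPR = "now-5m"            # same window in Elasticsearch date-math form


def build_rule_query() -> dict:
    """Query DSL for a rule whose index pattern is 'queue-events-*,queue-metrics-*'.

    Each branch filters on _index so that, e.g., a stray processing_rate field
    in the metrics index cannot satisfy the event-side condition.
    """
    return {
        "bool": {
            "filter": [{"range": {TIME_FIELD: {"gte": WINDOW_EXPR}}}],
            "should": [
                {"bool": {"filter": [
                    {"wildcard": {"_index": EVENT_INDEX}},
                    {"range": {"processing_rate": {"lt": 1}}},
                ]}},
                {"bool": {"filter": [
                    {"wildcard": {"_index": METRIC_INDEX}},
                    {"range": {"queue_count": {"gt": 100}}},
                ]}},
            ],
            "minimum_should_match": 1,
        }
    }


def both_conditions_met(hits: list, now: datetime) -> bool:
    """Return True only if, within the window ending at `now`, at least one
    event hit has processing_rate < 1 AND at least one metric hit has
    queue_count > 100. Hits are shaped like Elasticsearch search hits:
    {"_index": ..., "_source": {...}} with an ISO-8601 timestamp.
    """
    cutoff = now - WINDOW
    low_rate = high_queue = False
    for hit in hits:
        src = hit["_source"]
        if datetime.fromisoformat(src[TIME_FIELD]) < cutoff:
            continue  # outside the 5-minute window, ignore
        idx = hit["_index"]
        if fnmatchcase(idx, EVENT_INDEX) and src.get("processing_rate", float("inf")) < 1:
            low_rate = True
        elif fnmatchcase(idx, METRIC_INDEX) and src.get("queue_count", 0) > 100:
            high_queue = True
    return low_rate and high_queue


# Constructed sample hits for offline evaluation (not real data).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_HITS = [
    {"_index": "queue-events-2024.01.01",
     "_source": {"@timestamp": "2024-01-01T11:58:00+00:00", "processing_rate": 0.4}},
    {"_index": "queue-events-2024.01.01",
     "_source": {"@timestamp": "2024-01-01T11:59:00+00:00", "processing_rate": 3.0}},
    {"_index": "queue-metrics-2024.01.01",
     "_source": {"@timestamp": "2024-01-01T11:57:00+00:00", "queue_count": 250}},
    {"_index": "queue-metrics-2024.01.01",  # stale sample, outside the window
     "_source": {"@timestamp": "2024-01-01T11:40:00+00:00", "queue_count": 900}},
]

if __name__ == "__main__":
    import json
    print(json.dumps(build_rule_query(), indent=2))
    print("alert:", both_conditions_met(SAMPLE_HITS, NOW))
```

The Elasticsearch query rule compares the number of matching hits against its threshold, so hits from either branch of the query above count toward that threshold; `both_conditions_met` makes the cross-index conjunction from the question explicit, which is the part the rule's hit-count threshold does not express on its own.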
