Hi,
I have some data inside 6.3 ELK. I wanted to monitor a particular field called 'hostname' and the count of this field over time (for example past 24 hours), which is easy enough to do.
However, is there a way to alert or show in a graph when a count increases by a large percentage in the past 1 hour, for example?
To illustrate, I have a steady count of docs in ES: at 00:00 it's 50 docs, at 01:00 it's 100 docs, at 02:00 it's 120 docs, and so on. What I want to monitor is if the count jumps over 100% in one hour.
Basically I want to detect higher number of requests than normal.
I hope I explained this well, please let me know if any more info required...
You can always use Watcher for notification to trigger an email if the specific query returns more than the expected count, but if you want to keep track of the previous count and the present count I am not sure how to do it. But if you have a fixed count and you want to get notified when the count is exceeded, you can configure Watcher, and the config below might help you out.
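The reply above covers a fixed threshold; the part it leaves open (comparing the present hour with the previous one) can also be done in a single watch, because Watcher's script condition can read aggregation buckets from the search payload. The following watch definition is an added example, not the reply author's config and not part of the original thread. It assumes an index pattern `logs-*`, a `@timestamp` field, and that the hostname is indexed as `hostname.keyword`; the minimum baseline of 10 documents is a constructed floor so that a host going from 1 to 2 documents does not page anyone. It uses the 6.x date_histogram `interval` parameter and a `logging` action, so it runs without a mail account configured.

```json
{
  "trigger": {
    "schedule": { "interval": "1h" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["logs-*"],
        "body": {
          "size": 0,
          "query": {
            "range": {
              "@timestamp": { "gte": "now-2h/h", "lt": "now/h" }
            }
          },
          "aggs": {
            "by_host": {
              "terms": { "field": "hostname.keyword", "size": 500 },
              "aggs": {
                "per_hour": {
                  "date_histogram": {
                    "field": "@timestamp",
                    "interval": "1h",
                    "min_doc_count": 0
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "lang": "painless",
      "source": "for (h in ctx.payload.aggregations.by_host.buckets) { def b = h.per_hour.buckets; if (b.size() < 2) { continue; } long prev = b[b.size() - 2].doc_count; long cur = b[b.size() - 1].doc_count; if (prev >= 10 && cur >= 2 * prev) { return true; } } return false;"
    }
  },
  "transform": {
    "script": {
      "lang": "painless",
      "source": "def spiking = []; for (h in ctx.payload.aggregations.by_host.buckets) { def b = h.per_hour.buckets; if (b.size() < 2) { continue; } long prev = b[b.size() - 2].doc_count; long cur = b[b.size() - 1].doc_count; if (prev >= 10 && cur >= 2 * prev) { spiking.add(h.key + ' ' + prev + ' -> ' + cur); } } return ['spiking': spiking];"
    }
  },
  "actions": {
    "log_spike": {
      "logging": {
        "level": "warn",
        "text": "Hostname request count doubled in the last hour: {{ctx.payload.spiking}}"
      }
    }
  }
}
```

The query window is rounded to whole hours (`now-2h/h` to `now/h`) so the two buckets compared are both complete; comparing a finished hour with a partial one would make every run look like a drop. The condition fires when any host at least doubles (a jump of 100% or more) relative to the previous hour, and the transform rebuilds the payload as the list of offending hosts so the action text can name them. Save it with `PUT _xpack/watcher/watch/hostname_spike` on a 6.x cluster where Watcher is enabled, and swap the `logging` action for an `email` action once a mail account is configured.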