ELK stack and monitoring/alerting

I am new to the ELK stack. I guess I understand that ELK can be used for log
management. You can view the details on a dashboard using Kibana etc.

However, one question: can we have an alerting system as an extension of the
ELK stack?

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/e84f3867-4736-4902-a765-0ef50d0924a6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Only using third-party tools; you can get Logstash to send data to
Nagios/email/etc.

There is currently nothing within ES that lets you generate alerts.

On 8 November 2014 03:48, Wish rsvishalrs@gmail.com wrote:


As Mark says, there's nothing built in. Approaches that I've read about for
bolting alerting onto ELK:

  1. Use Logstash to output to some other alerting pipeline, such as: email,
    Nagios, Riemann.
  2. Write a cron job / scheduled task to run Elasticsearch queries
    periodically and take action based on the results. This is not part of
    Logstash or Kibana; you need to write it yourself. I believe the MozDef
    project (GitHub: jeffbryner/MozDef, the Mozilla Defense Platform) has some code to do this.
  3. Write your own indexer that makes use of Elasticsearch percolators.
    Percolators allow you to match indexed queries against new indexed
    documents, which is kind of like alerting. Again, you'd need to write it
    yourself.

On Friday, November 7, 2014 9:48:41 AM UTC-7, Wish wrote:

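A sketch of approach 2 (the scheduled query runner), added here as an example and not code from the thread or from MozDef. It assumes a local Elasticsearch holding Logstash indices of sshd events with a keyword field `src_ip`, and embeds a constructed sample response so the decision logic can be exercised without a cluster.

```python
import json
from urllib.request import Request, urlopen

# Assumptions (not from the thread): a local Elasticsearch on port 9200 holding
# Logstash indices, with sshd events that carry a keyword field "src_ip".
ES_URL = "http://localhost:9200"
INDEX = "logstash-*"
THRESHOLD = 20  # failed logins per source within the window that trigger an alert


def build_query(window="5m", threshold=THRESHOLD):
    """Count 'Failed password' sshd events per source IP over the last window."""
    return {
        "size": 0,
        "query": {"bool": {"must": [
            {"term": {"program": "sshd"}},
            {"match_phrase": {"message": "Failed password"}},
            {"range": {"@timestamp": {"gte": "now-" + window}}},
        ]}},
        "aggs": {"by_src": {"terms": {"field": "src_ip", "size": 50,
                                       "min_doc_count": threshold}}},
    }


def evaluate(response, threshold=THRESHOLD):
    """Turn the aggregation response into (src_ip, count) alerts, largest first."""
    buckets = response.get("aggregations", {}).get("by_src", {}).get("buckets", [])
    hits = [(b["key"], b["doc_count"]) for b in buckets if b["doc_count"] >= threshold]
    return sorted(hits, key=lambda h: h[1], reverse=True)


def run_check(url=ES_URL, index=INDEX):
    """One scheduled run: POST the query to ES and return the alerts."""
    body = json.dumps(build_query()).encode()
    req = Request(url + "/" + index + "/_search", data=body,
                  headers={"Content-Type": "application/json"})
    with urlopen(req, timeout=10) as resp:
        return evaluate(json.load(resp))


# Constructed sample of what ES returns, so the decision logic runs without a cluster.
SAMPLE_RESPONSE = {"hits": {"total": 66}, "aggregations": {"by_src": {"buckets": [
    {"key": "198.51.100.7", "doc_count": 21},
    {"key": "203.0.113.5", "doc_count": 42},
    {"key": "192.0.2.9", "doc_count": 3},
]}}}

if __name__ == "__main__":
    for src, count in evaluate(SAMPLE_RESPONSE):  # swap in run_check() under cron
        print("ALERT: %d failed ssh logins from %s in the last 5m" % (count, src))
```

Run it from cron every five minutes and replace the print with whatever action you want (email, Nagios passive check, etc.).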

You can do some simple alerts in Kibana. I'd try to use the HTML5 Notification
API to show alerts on my big screen.

2014-11-08 5:02 GMT+08:00 Jay Swan sanjuanswan@gmail.com:
