Feasibility to send alerts only if consecutive errors are occurred using elastalert

prathameshdvk · August 23, 2023, 1:51pm

Hi All,

I am trying to setup alerting using elastalert and I am trying to achieve below scenarios.

scenario 1: Send alert if there are 3 consecutive 400 errors. (Which is working fine)

scenario 2: Do not send alert if we get any 200 or success between 3 4xx errors.

Is there any feasibility to do this in elastalert?

Christian_Dahlqvist · August 23, 2023, 4:04pm

Elastalert is not supported here so I would recommend reaching out to the Elastalert community or the creators.

vishalk663 · September 12, 2023, 6:48am

Thank you for the reply

Is there any method in elasticsearch to search 3 consecutive 400 errors in specific timeframe without any other 200 responses.

vishalk663 · September 12, 2023, 1:34pm

Actually, we want to check any method or any way is available to search for the below scenarios in elasticsearch

it's possible to exclude matches for 5 consecutive 500's when it's interrupted by a 200:

No match: 5 5 5 2 5 5
   Match: 2 5 5 5 5 5
   Match: 5 5 5 5 5 5

it's possible to exclude matches for 3 consecutive 400 when it's interrupted by a 200:

No Match: 4 4 2 4
No Match: 2 4 4 2
   Match: 4 4 4

system · October 10, 2023, 1:34pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.