Feasibility to send alerts only if consecutive errors are occurred using elastalert

prathameshdvk · August 23, 2023, 1:51pm

Hi All,

I am trying to setup alerting using elastalert and I am trying to achieve below scenarios.

scenario 1: Send alert if there are 3 consecutive 400 errors. (Which is working fine)

scenario 2: Do not send alert if we get any 200 or success between 3 4xx errors.

Is there any feasibility to do this in elastalert?

Christian_Dahlqvist · August 23, 2023, 4:04pm

Elastalert is not supported here so I would recommend reaching out to the Elastalert community or the creators.

vishalk663 · September 12, 2023, 6:48am

Thank you for the reply

Is there any method in elasticsearch to search 3 consecutive 400 errors in specific timeframe without any other 200 responses.

vishalk663 · September 12, 2023, 1:34pm

Actually, we want to check any method or any way is available to search for the below scenarios in elasticsearch

it's possible to exclude matches for 5 consecutive 500's when it's interrupted by a 200:

No match: 5 5 5 2 5 5
   Match: 2 5 5 5 5 5
   Match: 5 5 5 5 5 5

it's possible to exclude matches for 3 consecutive 400 when it's interrupted by a 200:

No Match: 4 4 2 4
No Match: 2 4 4 2
   Match: 4 4 4

system · October 10, 2023, 1:34pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana Error Alerting - Filter Similiar Error Messages \| Similarity Query [Elastalert] Kibana	3	529	February 26, 2021
About Elastalert errors Elasticsearch	2	460	May 1, 2023
Log alert using elastic search Elasticsearch	2	2222	June 13, 2018
Split Alert Message in Elasticsearch Query type Alert Elasticsearch painless	1	237	March 10, 2023
Kibana alerts to notify only if the error persisted in the last 1 hour Kibana elastic-stack-alerting	4	662	January 19, 2023