we had meet some linux filesystem error recently,a troublesome thing is that Linux will log a large number of the same logs at a certain point in time.like this:
Well If you use a Kibana alert and only set it to notify on status change you will only get one email until the condition clears then you'll get another email saying it's clear.
That is probably how I would approach the alerting side of it.
Kibana Alerting
You could probably use a log threshold alert
And notify only on status change
Only on status change: Actions are not repeated when an alert remains active across checks. Actions run only when the alert status changes.
thanks for your suggestion, we will test it.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
