Hi
I'm looking for help with logstash configuration
We have filebeat on the target servers which reads the log lines and sends to logstash installed on another central server. The logstash further filters the lines based on the configured error keywords and sends email
Requirement:
If similar or same type of errors are printed continuously for a particular time period only 1 notification should be sent for those set of errors. Please let me know If there is any such configuration available in logstash to set threshold either on number of lines or time frame. Any help in this regards really appreciated
Logstash version currently installed is 6.5.3