I want to set up an alert that triggers whenever one of my APIs returns a 500 error. This doesn’t really fit into the usual active/recovered/flapping model since it’s more of a single event rather than something that stays active or recovers.
One idea could be to have the alert automatically create a case for each occurrence—but I’m not sure if that’s a good approach.
How do others typically handle alerts for events where you don’t want them to disappear as “recovered”? Any suggestions?
I understand your scenario: checking an API => 500 means an alert will be created. In the next execution, if it does not match the criteria, the alert will be recovered, but you want it to stay Active, right? I do not think this is possible at the rule level in Kibana.
Generally, the action part is integrated with the ticketing tool in your org, so that when the alert triggers, a ticket is created in your ticketing tool, and even if the alert is recovered you still have a ticket in your ticketing system.