Hello,
We have requirement , where we need to monitor for user activity on periodic basis.
We will have this information in our log file .
FOr example:
User has accessed some page in the application. This will be logged on logs and we want to trigger email when the same user access the same page ( more than 5 times ) within 5 mins.
How to configure this in logstash config file
This use-case is better matched to Watcher rather than logstash.
If you really need to do it in logstash then you could use a metrics filter with the meter option. If [thing][rate_5m] gets above 0.016 then you have more than 5 events in 5 minutes. However, this could result in logstash tracking a monstrous number of metrics.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.