How to create watcher email alert on a specific machine in lan?

Aftab_Ali · September 29, 2018, 11:04am

Dear Team,

I am happy to use watcher feature in kibana but I want to create an alert on a specific machine in my local network, I am able to get threshold email via SMTP gmail.com but I am not able to see a report of which machine had high utilization like CPU usage and memory usage, Please guide me how to do that.

Best Regards
Aftab Ali
E-mail - aftab70@ymail.com

richcollier · September 29, 2018, 9:14pm

There are some Watch examples in our "examples" GitHub repo. For example:

Aftab_Ali · October 1, 2018, 5:24am

Dear Richcollier,

Thanks for the reply, I want to select host name when creating a watcher alert, I do not want to apply watcher in all machine in the network, please guide me, i am new with elk.

richcollier · October 1, 2018, 1:06pm

Ah, understood. In that case, in the body of the search clause of Watcher's input section, just use the filter capability of elasticsearch's query DSL to select anything that you want. For example, to only consider data from a machine_name=webserver1:

...
                    "query": {
                      "bool": {
                        "filter": [
                          { "range": { "timestamp": {"gte": "now-10m"}}},
                          { "term":  { "machine_name": "webserver1"}}
                        ]
                      }
                    }
...

system · October 29, 2018, 1:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.