How to do Real Time Alerting in ELK

I believe there are two types of alerting:

1. Schedule Alert - Specify conditions for triggering the alert based on result or result field counts. When a set of search results meets the trigger conditions, the alert can trigger one time or once for each of the results (I am doing it using Watcher).
2. Real Time - Searches continuously:
   - Per-result: Triggers every time there is a search result. Specify a time period and optional field values for suppression.
   - Rolling time window: Specify conditions for triggering the alert based on result or result field counts within a rolling time window. For example, a real-time alert can trigger whenever there are more than ten results in a five minute window. Specifying a time period for suppression is possible.

I am looking for the second type of alerting mechanism. I know that Elasticsearch does real time searching and near real time searching, but how can I automate it?
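As an added example (not part of the original post), here is a Watcher definition that approximates the "rolling time window" case described above: it runs every minute, counts documents from the last five minutes, fires when the count exceeds ten, and uses `throttle_period` as the suppression window so the action is not repeated for 15 minutes. The watch id, the `app-logs-*` index pattern, the `level` and `@timestamp` field names and the action name are assumptions; the body is sent to `PUT _watcher/watch/error_burst`.

```json
{
  "trigger": {
    "schedule": { "interval": "1m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["app-logs-*"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "term": { "level": "error" } },
                { "range": { "@timestamp": { "gte": "now-5m" } } }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 10 } }
  },
  "throttle_period": "15m",
  "actions": {
    "notify_ops": {
      "logging": {
        "level": "warn",
        "text": "{{ctx.payload.hits.total}} error documents in the last 5 minutes"
      }
    }
  }
}
```

The one-minute schedule is the practical floor for "continuous" searching with Watcher: each run re-evaluates the sliding five-minute window, and `throttle_period` handles suppression once the condition is met. Replace the `logging` action with an `email`, `slack` or `webhook` action to deliver the alert.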
