How to get e-mail notification with log file path og log file hostname

amiraliw · September 10, 2021, 1:43pm

Hi
I am very new in elasticsearch and kibana.
I have elasticsearch and kibana on the same on premise server. And filebeat agents are installed on several other servers (on premise). These agents send logs to elasticsearch. (There is no logstash)
How I can get an e-mail notification when some specific string like "error" or "warning" is logged?
Since there are several log files, I need the log file path, the log file server and the message which contains that specific string in the e-mail.

I tried to create log threshold and Elasticsearch query but I did not get the mentioned informations in e-mail. I dont know if I did correctly.

ying.mao · September 27, 2021, 12:40pm

Hi @amiraliw! I believe you should be able to get this information with the Elasticsearch query rule, which allows you to access the matching documents inside the context.hits action variable.. The docs give an example of how you would access the fields inside context.hits but if you need additional guidance, please provide a sample document and a sample rule configuration. Thank you!

system · October 25, 2021, 12:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.