I need to monitor a list of hosts (an IP address list) that are not reporting logs to Elasticsearch.
Please suggest a better way to achieve it. I just want to get an alert if any of the hosts "in a list" has not sent logs to Elasticsearch for 5 minutes; a threshold watch does not allow me to define a list of IP addresses.
Since you mention watches, I am guessing that you have X-Pack. Do you have X-Pack ML available? Such a job should be able to be configured with ML.
At one of my projects in the IoT space we ingest data into Kafka before it makes it to Elasticsearch. A Kafka Streams app is used to detect sensors that have gone silent and provide alerting. This same method can easily be applied to logs.
Depending on your architecture there could be multiple options.
I have X-Pack but do not have ML in my subscription licence. Please suggest something if I can do it with Watcher. Right now I am trying a simple "terms" query but am not able to return the specific values for which the query does not find logs.
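One way to get the "missing" hosts out of a terms query, as an added example that is not from this thread: run a terms aggregation over the last 5 minutes restricted to the watched list, then diff the returned buckets against that list on the client side (the same comparison could live in a watch's condition script). The field name `host.ip`, the host list and the sample response are assumptions.

```python
"""Added example (not from the thread): report hosts from a fixed list that
have no log events in the last 5 minutes, using a terms aggregation and a
client-side set difference. Field name, host list and response are assumed."""

# Hosts that are expected to report (constructed sample list)
EXPECTED_HOSTS = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]


def build_query(hosts, window="5m", field="host.ip"):
    """Search body that buckets recent log events by host.
    `include` limits buckets to the watched list; `size` must be at least
    the list length, otherwise some reporting hosts would be dropped and
    wrongly flagged as silent."""
    return {
        "size": 0,
        "query": {"range": {"@timestamp": {"gte": f"now-{window}"}}},
        "aggs": {
            "reporting_hosts": {
                "terms": {"field": field, "include": list(hosts), "size": len(hosts)}
            }
        },
    }


def silent_hosts(hosts, response):
    """Return the watched hosts that have no bucket in the response.
    A terms aggregation only returns values that exist in the index, so
    absence has to be computed against the known list, not queried for."""
    aggs = response.get("aggregations", {})
    buckets = aggs.get("reporting_hosts", {}).get("buckets", [])
    seen = {b["key"] for b in buckets if b.get("doc_count", 0) > 0}
    return sorted(set(hosts) - seen)


# Constructed response standing in for what Elasticsearch would return
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 125}},
    "aggregations": {
        "reporting_hosts": {
            "buckets": [
                {"key": "10.0.0.1", "doc_count": 80},
                {"key": "10.0.0.3", "doc_count": 40},
                # not on the list; `include` would drop it, and the diff ignores it
                {"key": "10.0.0.9", "doc_count": 5},
            ]
        }
    },
}

if __name__ == "__main__":
    missing = silent_hosts(EXPECTED_HOSTS, SAMPLE_RESPONSE)
    if missing:
        print("ALERT: no logs in the last 5m from:", ", ".join(missing))
```

With a real cluster, `build_query` is what you would pass to the search call, and an empty `aggregations` section (no events at all in the window) correctly flags every host on the list.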