How to use watcher to detect if logs are missing

Hopefully I'm wording this correctly. Here is what I'm trying to do; not sure where to start :wink:

I have these 4 servers, each with respective log paths and log files that I want to watch:

server1
/app1/webappA/logs/mywebapp1.log
/app1/webappB/logs/mywebapp2.log

server3
/app1/webapp3/logs/mywebapp3.log
/app1/webapp4/logs/mywebapp4.log

server4
/app1/webapp5/logs/mywebapp5.log
/app1/webapp6/logs/mywebapp6.log

How would I do a watcher that checks these servers/log locations and, if the (last ingested) log file is older than 24 hours from now, sends an alert?

The reason for doing this is that if the logs are older than 24 hours, then there is probably an issue with log ingestion (Filebeat or Logstash died).

I'm a consumer of the ELK/watcher service...

I don't manage ELK or have access to the ELK Stack infrastructure,
so this would be an indirect way to determine if log ingestion is not working.
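One way to express exactly this check as an Elasticsearch Watcher definition, added here as an example and not taken from the thread or from Elastic's own docs: the watch runs every hour, asks the index for the set of files that produced at least one event in the last 24 hours, and fires when that set is smaller than the six files listed above. It assumes Filebeat's ECS field names (`log.file.path` as a keyword field, `@timestamp`), an index pattern of `filebeat-*`, an email account already configured by whoever runs the stack, and a recipient address that is a placeholder. The paths are unique across the three servers, so grouping on the path alone is enough; a `host.name` filter could be added if that ever changed. The body is sent with `PUT _watcher/watch/missing-log-files`, which needs watcher write privileges, so the ELK admin would have to install it on your behalf.

```json
{
  "trigger": { "schedule": { "interval": "1h" } },
  "input": {
    "search": {
      "request": {
        "indices": ["filebeat-*"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "range": { "@timestamp": { "gte": "now-24h" } } },
                { "terms": { "log.file.path": [
                  "/app1/webappA/logs/mywebapp1.log",
                  "/app1/webappB/logs/mywebapp2.log",
                  "/app1/webapp3/logs/mywebapp3.log",
                  "/app1/webapp4/logs/mywebapp4.log",
                  "/app1/webapp5/logs/mywebapp5.log",
                  "/app1/webapp6/logs/mywebapp6.log"
                ] } }
              ]
            }
          },
          "aggs": {
            "files_seen": {
              "terms": { "field": "log.file.path", "size": 10 }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "return ctx.payload.aggregations.files_seen.buckets.size() < params.expected_count;",
      "params": { "expected_count": 6 }
    }
  },
  "transform": {
    "script": {
      "source": "def seen = new ArrayList(); for (b in ctx.payload.aggregations.files_seen.buckets) { seen.add(b.key); } def missing = new ArrayList(); for (p in params.expected_paths) { if (!seen.contains(p)) { missing.add(p); } } return ['missing': missing];",
      "params": {
        "expected_paths": [
          "/app1/webappA/logs/mywebapp1.log",
          "/app1/webappB/logs/mywebapp2.log",
          "/app1/webapp3/logs/mywebapp3.log",
          "/app1/webapp4/logs/mywebapp4.log",
          "/app1/webapp5/logs/mywebapp5.log",
          "/app1/webapp6/logs/mywebapp6.log"
        ]
      }
    }
  },
  "actions": {
    "notify_ops": {
      "email": {
        "to": ["ops-team@example.com"],
        "subject": "Log ingestion check: files with no events in the last 24h",
        "body": "No events ingested since now-24h for the following files (Filebeat or Logstash may be down):\n{{#ctx.payload.missing}}- {{.}}\n{{/ctx.payload.missing}}"
      }
    }
  }
}
```

The condition only compares the bucket count, so if the whole pipeline dies the aggregation comes back empty, 0 < 6 holds, and the watch fires; the transform then computes which of the expected paths are absent so the email names them. One caveat: the index cannot tell a dead shipper from an application that simply wrote nothing for 24 hours, so a quiet application will also trigger this alert. If that is noisy, shorten the window for chatty files or exclude files that are expected to go idle.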

Hello,

I would start with the newer Alerting option instead if possible. :slight_smile: I think you'll find the interface highly intuitive. Your workflow might look something like this:

  • Set up Filebeat to consume logs on a regular interval
  • Set up an alert to monitor the index containing log data based on some predefined threshold or condition
  • Get periodic updates via whichever actions you've specified (email, Slack, etc.)

Hope that helps!

Regards,
Aaron

Hi,

I am not sure I understood what exactly you are trying to do. Do you want to set Kibana or Elasticsearch alerting for this particular use-case (you would need some access to the stack then) or do you want to set up your own?

duc00