Hello,
I am relatively new to Elasticsearch and I have an interesting alerting use case. Assume I have a router with a layer of switches behind it. That layer of switches has a layer behind it and so on until we get to either an access layer switch or perhaps a host. I am monitoring the availability of each device in that tree. Let's pretend it's 200 devices. If the router goes down I don't want to get 200 "system down" alerts. I only want 1 alert for the router and I know the other 199 devices will be unavailable.
Is it possible to build this scenario with the tools available to Elasticsearch or would I have to build that logic outside of Elasticsearch? I think the key would be to somehow build that upstream <-> downstream relationship. Any ideas on how I could do this?
Thanks,
Tony