I have a few Elastic-Agents working on metric collection but we got a problem for when one of them goes down. I know so far that there's an alerting option for metrics/logs threshold but I'm not sure about how to set an alert for when there's missing data.
It would be great to have some ideas on this topic.
Best regards!
Would a new terms query in the detection rules be an option?
You could query for the status offline and use new term aggregation on host name.
If you collect system metrics you can just create a metric alert and there's an option to be alerted when it stop sending data.
But seems like there should be an easier way.
I also saw this
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.