Is it possible to create an alert when an event 4652 appears?

Hello, I'm trying to configure a watcher in my Elastic Stack to show me alerts about Windows events; however, I can only do general alerts and not specific events.

Is it possible in some way to make the alerts more specific?

Thanks for the help.

We have a number of examples you can look at right here: https://github.com/elastic/examples/tree/master/Alerting/Sample Watches

I have been looking at several of the examples but I can't understand how you can establish a condition as specific as the one I'm looking for.

I need a watcher that warns when at least one event of type 4652 appears. I can only notify when any event appears, but I don't know how to specify one.

I'm not very familiar with JSON syntax, and it's hard for me to understand some lines and how to modify them to do what I'm looking for. From the graphical interface it's not possible to specify a value for the event (at least in everything I've been testing).
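As an added example (not from the original thread or the elastic/examples repository), this is a complete watch body that fires only when at least one Windows event with code 4652 arrived in the last five minutes; submit it with `PUT _watcher/watch/windows_event_4652`. It assumes the events are shipped by Winlogbeat into `winlogbeat-*` indices with the ECS field `event.code` (older Winlogbeat versions use `event_id` instead); the `logging` action is a placeholder you would swap for email, Slack or another action.

```json
{
  "trigger": {
    "schedule": { "interval": "5m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["winlogbeat-*"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "term": { "event.code": "4652" } },
                { "range": { "@timestamp": { "gte": "now-5m" } } }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 0 } }
  },
  "actions": {
    "log_alert": {
      "logging": {
        "level": "warn",
        "text": "{{ctx.payload.hits.total}} Windows event(s) with code 4652 seen in the last 5 minutes"
      }
    }
  }
}
```

The `term` filter on `event.code` is what makes the alert specific to one event ID, and the `compare` condition turns "any hit at all" into "at least one 4652"; change the value in the `term` clause to watch a different event ID.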
