Hi Everyone, i have question regarding Kibana's Alerting feature. As we know, we could use 'Group by' to include field into the alert message. But i have trouble to include host.ip field.
Any Suggestion or workaround i can do?
PS: it's the same hostname. that's why i don't use host.hostname.
Hi @Ersin_Erdal,
Thank you for replying. is there any way i can do to use the IP address ? or is it recommended if i create runtime field from mapping or index template?
Thanks!
Hi @OmFJ
Sure, if you have control on your index and know which ip you should use from the host.ip array, you can create new a field out of it and use for grouping.
Hi @Ersin_Erdal
Thank you so much for the response. I will update this post once i get the result as soon as possible.
Once again, Thank you!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.