Kibana Alert When No Metricbeat Data - to include hostname

abidub · July 19, 2022, 4:15pm

Hi there,

I would like to receive an alert when any of the hosts that I have Metricbeat installed on, now longer reports in data, for whatever reason (it could be stopped, server is turned off etc.).

I want to avoid having to maintain an inventory list of servers I have installed Metricbeat on.

I know I can do an elastic query to check of metricbeat returns any hits for a particular server/servers, but is there any clever way to configure a simple alert that just tells me Metricbeat has no hits from a [hostname(s)], without me having to provide the hostnames to query.

If I do need to provide the hostnames, I am having trouble in returning that hostname in a watcher payload because hits = 0.

Any direction appreciated

Thanks

Marius_Dragomir · July 23, 2022, 5:31pm

You can use Alerting instead of Watcher. This allows you to configure a Log Threshold rule something like this:

Just replace the field names and intervals to what fits your data. For example instead of machine.os.keyword, use hostname and for geo.src use a field in the metricbeat documents that will always be there.

abidub · August 6, 2022, 12:11pm

Thank you! That worked great

system · September 3, 2022, 12:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
No data Alert Kibana	19	1511	August 25, 2023
Need help with creating Kibana Alert Elasticsearch elastic-stack-alerting , elastic-stack-sql	9	1525	May 17, 2021
No alert on missing data - Kibana Kibana elastic-stack-alerting	3	862	July 6, 2022
How to see system host missing value on kibana dashboard Beats elastic-stack-monitoring , metricbeat	5	709	May 23, 2019
Alerting on no data with a specific rule Kibana elastic-stack-alerting	0	102	April 12, 2024

Kibana Alert When No Metricbeat Data - to include hostname

Related Topics