I’m looking for a solution to following problem:
In ELK, I have to create an alert which will trigger - when an error field logged for an index is greater than 80% in last 30 mins The field name is status and it takes info and error as values. I need to get the count of these fields for last 15 minutes and calculate percentage of errors based on that
Count of errors/total counts.
Hi @Rahul_Miragi Welcome to the community.
I believe what you are looking for can be created using a logs threshold alert with a ratio. See here
One thing to remember is to configure your log source see here
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.