Kibana Elastic Search Alerting not firing

scrappedprince · June 18, 2021, 2:59pm

0
Hi All,

I am currently working on Kibana Alerting and what I wanted to perform is basically "Log threshold".
Please see attached for the details of the alert rule.

I wanted to match phrase of the word "warnings" on the field "message". However, when i saved it, the alarm is not "Active" status went from active to OK. When i removed the AND message MATCHES PHRASE "warnings" that's when the alert is going to be in Active Status and is firing Anyone knows what is wrong with my ruling?

Thanks in advance!

Patrick_Mueller · June 29, 2021, 1:56pm

Is it possible you're trying to match a different field, and not message?

Have you tried using matches and not matches phrase?

The behavior you're seeing seems to indicate that it is finding docs matching the condition when it's "Active". When it changes to "OK" that means it is no longer active - but was previously (we will be renaming "OK" to "Recovered" in a future release).

Topic		Replies	Views
Kibana Alerting Missing Issue Kibana elastic-stack-alerting	4	837	December 10, 2020
Kibana rules/alerts "If alert matches a query" not working for custom fields Kibana	1	414	October 19, 2023
Kibana multiple conditions not working Kibana elastic-stack-alerting	1	439	July 29, 2021
Kibana alert Kibana elastic-stack-alerting	1	336	August 9, 2022
Need help with creating Kibana Alert Elasticsearch elastic-stack-alerting , elastic-stack-sql	9	1687	May 17, 2021

Kibana Elastic Search Alerting not firing

Related topics