Kibana Index Threshold Alert doesn't report 0 documents

Hello everyone,
This issue should be resolved according to this post.

I am using Elastic Cloud Stack v8.11.4.
I tried to do it but it doesn't alert me even though one of my nodes is off.

I tried to filter on only my off-node and it says no data matches. I ran my rule but it is still not active.

There is this link that says it is working in his case.

Can anyone tell me what I did wrong? Basically what I want to do is to create an alert if a node has an issue sending data.

When you group like this, and no documents match, there won't be any groups to alert on. Index threshold can't really be used for this sort of alerting. I suggest you look at metric threshold or custom threshold rule types instead, which offer some options for alerting on "no data" conditions.
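The grouping behaviour described in the reply above, as an added Python simulation that is not part of the original thread and is not Kibana's own code: a per-group threshold only sees groups that still have documents, so a silent source has to be found by comparing against groups seen earlier. The host names, sample documents and the lookback comparison are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample data: (age_in_minutes, host) pairs standing in for
# documents in a metrics index. Host names are hypothetical.
DOCS = (
    [(age, "node-a") for age in range(0, 30)]      # healthy, one doc per minute
    + [(age, "node-b") for age in range(12, 30)]   # stopped sending 12 minutes ago
    + [(age, "node-c") for age in (3, 13, 23)]     # healthy but sparse
)


def grouped_counts(docs, window):
    """Count docs per host inside the window, like a terms grouping:
    a host with no matching documents gets no bucket at all."""
    return Counter(host for age, host in docs if age < window)


def below_threshold(docs, window, threshold):
    """Evaluate 'count IS BELOW threshold' per group. Only existing
    buckets are evaluated, so a silent host can never match."""
    buckets = grouped_counts(docs, window)
    return sorted(h for h, n in buckets.items() if n < threshold)


def silent_groups(docs, window, lookback):
    """Hosts seen in the longer lookback but absent from the current
    window: the 'no data' condition the thread is trying to catch."""
    current = set(grouped_counts(docs, window))
    known = set(grouped_counts(docs, lookback))
    return sorted(known - current)


if __name__ == "__main__":
    print("buckets:", dict(grouped_counts(DOCS, 5)))
    print("count < 1:", below_threshold(DOCS, 5, 1))
    print("count < 2:", below_threshold(DOCS, 5, 2))
    print("silent:", silent_groups(DOCS, 5, 30))
```
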

I have tried custom threshold.
Here is my setup:

[Screenshots: Custom threshold, elk1]

But it still does not alert me when I purposely shut down one of my nodes.

The problem with the metric threshold is that it doesn't let me select a data view, and I need it to pinpoint which data has trouble.

You might want to change your condition to something that will match some documents. I fear it's again matching nothing, so there's nothing to group over. You can set the alerting action to only fire on No Data, and not have one set on Alert, so you could change your condition to IS ABOVE 1, for instance.

Interesting, I have tried your idea. I set an action on No Data and modified the condition to be ABOVE 150. It alerts on my healthy node as expected, but the No Data action still doesn't run.
Here is my action setting.

Can you show the full rule definition (screenshot(s))?

And presumably you've waited 2x the rule interval after one of the sources stops reporting, to make sure it won't return any data when it runs.

Yes, I have waited & checked on Discover on the metrics-* data view. In the last few hours, no data has been coming from the off-node.

Here is the full rule definition.



I think at this point you should open a bug on GitHub so we can track this.

Post the issue # back here so we can label it up correctly.