Please help me to understand the best way to create the log stoppage alert for critical servers. It should be index specific.
For example: Index "A" contains logs from 3 firewall devices: fw1, fw2, fw3.
Need to get the email alert if Elasticsearch stops receiving logs from any of the 3 firewalls for the last 10 minutes.
Can I use Security > Detections > Threshold rule type for this OR
Please help me with a sample.
Thanks in advance
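As an added illustration of the check the question describes (not code from the original post or from Elastic), the logic below takes the newest event per expected firewall in the index and reports any source that has been silent for more than 10 minutes or has never appeared. The expected-source list is the key: a silent device produces no documents, so it can only be found by comparing against the names you expect. Field names (`host`, `@timestamp`), the sample events and `NOW` are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample documents standing in for index "A"; fw3 is deliberately absent.
SAMPLE_EVENTS = [
    {"host": "fw1", "@timestamp": "2024-05-01T10:00:00Z"},
    {"host": "fw1", "@timestamp": "2024-05-01T10:28:00Z"},
    {"host": "fw2", "@timestamp": "2024-05-01T09:50:00Z"},
    {"host": "fw2", "@timestamp": "2024-05-01T10:15:00Z"},
]
EXPECTED_SOURCES = ("fw1", "fw2", "fw3")   # the devices that must keep logging
SILENCE_THRESHOLD = timedelta(minutes=10)
NOW = datetime(2024, 5, 1, 10, 30, tzinfo=timezone.utc)  # assumed evaluation time


def parse_ts(value):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def last_seen_by_source(events):
    """Map each host to the timestamp of its newest event."""
    last = {}
    for ev in events:
        ts = parse_ts(ev["@timestamp"])
        if ev["host"] not in last or ts > last[ev["host"]]:
            last[ev["host"]] = ts
    return last


def silent_sources(events, expected, now, threshold=SILENCE_THRESHOLD):
    """Return {source: gap} for expected sources silent longer than threshold.
    gap is a timedelta, or None when the source has never been seen."""
    last = last_seen_by_source(events)
    silent = {}
    for src in expected:
        seen = last.get(src)
        if seen is None:
            silent[src] = None
        elif now - seen > threshold:
            silent[src] = now - seen
    return silent


def build_alert(silent, index, now):
    """Render the alert body that would go into the e-mail; None if nothing is silent."""
    if not silent:
        return None
    lines = [f"Log stoppage in index {index!r} at {now.isoformat()}:"]
    for src, gap in sorted(silent.items()):
        detail = "no events at all" if gap is None else f"last event {int(gap.total_seconds() // 60)} min ago"
        lines.append(f"  {src}: {detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_alert(silent_sources(SAMPLE_EVENTS, EXPECTED_SOURCES, NOW), "A", NOW))
```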