Hi,
Please help to create a log stoppage alert for critical devices using machine learning.
For example: Index "A" contains 10 Active directory server logs.
Need to generate an email alert if Elasticsearch stop receiving logs from any of the 10 AD servers IPs for last 10minutes.
Thanks in advance.
Hi Thank you @richcollier for sharing the above details.
Still i am not able to create the advanced ml job to alert the low event rate on each AD servers. I have doubt on adding the terms aggregation(hostname) in ml job.
Is there any easier sample example to understand this?
Can do just a simple multi-metric job, pick the low_count function and pick the hostname as the split field
Thank you @richcollier for the swift response.
Above mentioned multi-metric will help only to detect the low event rate right? what if one of the host stopped sending logs? will this multi-metric detect that?
For example: Index "A" contains 10 Active directory server logs.
Need to generate an email alert if Elasticsearch stop receiving logs from any of the 10 AD server IPs for last 1hour.
Thanks in advance
A host stopping sending logs IS a "low event rate" 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
