Log threshold alert

Ronin · August 17, 2020, 9:09pm

We are attempting to make a Log Threshold alert, however it is sending alerts when it shouldn't be. The query we are trying to alert on is labels.application: "theapp" and message: "*limit request headers fields size*". Inside the log threshold alert we have:

WHEN more than or equals 1 log entry
WITH labels.application IS theapp
AND message MATCHES PHRASE limit request headers fields size
FOR THE LAST 10 minutes

Is there any documentation for the different types of alerts you can make? On https://www.elastic.co/guide/en/kibana/current/alert-types.html it only details the index threshold.

Kerry · August 20, 2020, 12:27pm

Hi @Ronin,

Sorry to hear you're having problems with log alerts.

The documentation for log alerts exist here, however they are limited at the moment. We are due to expand these soon.

The MATCHES PHRASE comparator uses a match phrase query for querying data.

It looks like you want to use a wildcard query instead, unfortunately this isn't supported yet, but we do have a ticket for it. I can't guarantee when it will be placed on the roadmap, but it's becoming a highly requested feature.

system · September 17, 2020, 12:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Alerting based on the keyword in logs Logs elastic-stack-alerting	4	7467	February 3, 2021
Need help with creating Kibana Alert Elasticsearch elastic-stack-alerting , elastic-stack-sql	9	1532	May 17, 2021
Kibana alert Kibana elastic-stack-alerting	1	246	December 22, 2022
Creating alerts in Kibana for a specific query Kibana elastic-stack-alerting	5	842	November 1, 2020
Kibana Elastic Search Alerting not firing Kibana elastic-stack-alerting	2	489	July 27, 2021

Log threshold alert

Related topics