Log threshold alert

We are attempting to make a Log Threshold alert; however, it is sending alerts when it shouldn't be. The query we are trying to alert on is `labels.application: "theapp" and message: "*limit request headers fields size*"`. Inside the log threshold alert we have:

WHEN more than or equals 1 log entry
WITH labels.application IS theapp
AND message MATCHES PHRASE limit request headers fields size
FOR THE LAST 10 minutes

Is there any documentation for the different types of alerts you can make? On https://www.elastic.co/guide/en/kibana/current/alert-types.html it only details the index threshold.

Hi @Ronin,

Sorry to hear you're having problems with log alerts.

The documentation for log alerts exists here; however, it is limited at the moment. We are due to expand it soon.

The MATCHES PHRASE comparator uses a match phrase query for querying data.

It looks like you want to use a wildcard query instead, unfortunately this isn't supported yet, but we do have a ticket for it. I can't guarantee when it will be placed on the roadmap, but it's becoming a highly requested feature.
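As an added illustration that is not part of the thread (and not Elastic's or Kibana's own code), the following Python models the two comparators the reply contrasts: a match phrase query, which matches the analyzed tokens of the phrase in order and case-insensitively, versus a wildcard pattern applied to an unanalyzed keyword value, which is a raw, case-sensitive string match. The log lines are constructed, the tokenizer is a simplification of the Elasticsearch standard analyzer, and `alert_query_dsl` is an assumed hand-written Query DSL equivalent of the alert condition, not the query Kibana actually generates.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample log entries; they are not from the original thread.
SAMPLE_LOGS = [
    {"labels": {"application": "theapp"},
     "message": "request rejected: limit request headers fields size exceeded"},
    {"labels": {"application": "theapp"},
     "message": "Limit: request headers fields size 8192 reached for client 10.0.0.5"},
    {"labels": {"application": "theapp"},
     "message": "LIMIT REQUEST HEADERS FIELDS SIZE hit on /upload"},
    {"labels": {"application": "otherapp"},
     "message": "limit request headers fields size exceeded"},
    {"labels": {"application": "theapp"},
     "message": "headers size limit: request fields ok"},
]

APP = "theapp"
PHRASE = "limit request headers fields size"          # what MATCHES PHRASE sends
WILDCARD = "*limit request headers fields size*"      # what the KQL query asked for


def analyze(text):
    """Simplified standard analyzer: lowercase, split on non-word characters."""
    return [t for t in re.split(r"[^\w]+", text.lower()) if t]


def match_phrase(message, phrase):
    """match_phrase semantics: the phrase's analyzed tokens must occur
    consecutively, in order, among the message's analyzed tokens.
    Punctuation and case in the raw message do not matter."""
    tokens, needle = analyze(message), analyze(phrase)
    n = len(needle)
    return any(tokens[i:i + n] == needle for i in range(len(tokens) - n + 1))


def wildcard(message, pattern):
    """wildcard semantics on an unanalyzed keyword value: the pattern is
    matched against the raw string, case-sensitively."""
    return fnmatchcase(message, pattern)


def evaluate(logs, matcher):
    """Return the messages that satisfy the application filter and the comparator."""
    return [entry["message"] for entry in logs
            if entry["labels"]["application"] == APP and matcher(entry["message"])]


def alert_fires(logs, matcher, threshold=1):
    """WHEN more than or equals <threshold> log entries match."""
    return len(evaluate(logs, matcher)) >= threshold


def alert_query_dsl(use_wildcard=False, window="10m"):
    """Assumed Query DSL shape for the alert condition (hypothetical; Kibana's
    generated query may differ). The wildcard variant targets message.keyword,
    since a wildcard on the analyzed text field would run per term and never
    match a pattern containing spaces."""
    message_clause = (
        {"wildcard": {"message.keyword": {"value": WILDCARD}}}
        if use_wildcard else
        {"match_phrase": {"message": PHRASE}}
    )
    return {"query": {"bool": {"filter": [
        {"range": {"@timestamp": {"gte": f"now-{window}"}}},
        {"term": {"labels.application": APP}},
        message_clause,
    ]}}}


if __name__ == "__main__":
    phrase_hits = evaluate(SAMPLE_LOGS, lambda m: match_phrase(m, PHRASE))
    wild_hits = evaluate(SAMPLE_LOGS, lambda m: wildcard(m, WILDCARD))
    print("match_phrase hits:", len(phrase_hits))   # 3: punctuation/case ignored
    print("wildcard hits:   ", len(wild_hits))      # 1: raw substring only
    print("alert fires (match_phrase):", alert_fires(SAMPLE_LOGS, lambda m: match_phrase(m, PHRASE)))
```

Running it over the constructed lines shows the divergence in practice: the phrase comparator also matches "Limit: request headers fields size 8192 ..." and the all-uppercase line because analysis strips punctuation and case, while the raw wildcard pattern matches only the line containing that exact lowercase substring. Whether that difference explains the extra alerts in a given deployment depends on the actual messages being indexed.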
