Hi
I used rsyslog to send log to ELK, like this guide How To Centralize Logs with Rsyslog, Logstash, and Elasticsearch on Ubuntu 14.04 | Elastic
Then I used grok to pars log's messages in logstash.conf
Now I want to create Alert, but I can't used logstash-* index in "Log threshold" filter.
What should I do?
It is necessary to mention i can use this filter in discovery section
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.