I am looking to build a logging solution and wanted to make sure that I am
not missing any key components.
The logs that I have are currently stored in a database to which there is
limited access due to locking risks from bad queries.
My plan is to have the DBAs write the logs from the database tables to a
file on a set interval, then have Logstash pick up the logs and write them to
Elasticsearch. Then for viewing/searching the logs I will be using
Kibana. Everything up to this point I have been able to make a proof of
concept for, but the other request was to have alerting.
I have spent some time looking at this and the general response seems to be
to use percolation, but that seems to only make sense if you want to send
an alert if you receive a single error that matches a query, and from what I
have seen there is no way to do threshold alerting using percolation.
My thought to solve the threshold alerting is to create a simple web UI
that allows the user to enter a query to search for, a threshold, a time
frame, and emails to send the alert to, which would get stored in
Elasticsearch. Then an app (running as a Windows service or cron job) that pulls
the alerts and then runs the queries and checks the time frame and
threshold (would run on some interval). If the count surpasses the
threshold then it would send an email to values stored in the email
I know that SPM seems to cover this and more, but we are currently looking
to see if we can do this without buying another product.
Is this the correct approach to take or should I be looking at doing
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/ce1cb3cc-e974-4b3b-8568-a2afaaae6c00%40googlegroups.com.
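The poller described in the post, as an added example (not code from the original message or from Elasticsearch): each stored alert becomes a count query restricted to a trailing time window, and the count is compared with the threshold. The alert field names, the `@timestamp` field, the `logs-*` index and the `bool`/`filter` query shape are assumptions; the `_count` call is passed in as a function so the sketch runs offline against a stand-in.

```python
"""Threshold alerting poller: run each stored alert's query as a count over a
trailing time window and report the alerts whose count exceeds the threshold."""
from datetime import datetime, timedelta, timezone

# Constructed alert definitions, in the shape the web UI from the post might
# store in Elasticsearch (field names are assumptions, not an existing schema).
ALERTS = [
    {"name": "login failures", "query": 'level:ERROR AND message:"login failed"',
     "threshold": 5, "window_minutes": 10, "emails": ["secops@example.com"]},
    {"name": "db timeouts", "query": "message:timeout", "threshold": 50,
     "window_minutes": 60, "emails": ["dba@example.com"]},
]

def build_count_query(alert, now):
    """Query DSL body for a _count request: the user's query_string restricted
    to the trailing window by a range filter on @timestamp (field name assumed)."""
    start = now - timedelta(minutes=alert["window_minutes"])
    return {"query": {"bool": {
        "must": {"query_string": {"query": alert["query"]}},
        "filter": {"range": {"@timestamp": {
            "gte": start.isoformat(), "lt": now.isoformat()}}}}}}

def format_email(alert, count):
    """Subject and body for the notification to alert['emails'] (sending via
    smtplib is left to the caller so this stays offline)."""
    subject = f"[log alert] {alert['name']}: {count} hits > {alert['threshold']}"
    body = (f"Query: {alert['query']}\nWindow: last {alert['window_minutes']} min\n"
            f"Count: {count} (threshold {alert['threshold']})")
    return subject, body

def run_alerts(alerts, count_fn, now=None):
    """count_fn(index, body) -> int stands in for the Elasticsearch _count API
    (a real client or a test double). Returns (alert, count) pairs for alerts
    whose count surpassed their threshold; the caller emails alert['emails']."""
    now = now or datetime.now(timezone.utc)
    triggered = []
    for alert in alerts:
        count = count_fn("logs-*", build_count_query(alert, now))
        if count > alert["threshold"]:
            triggered.append((alert, count))
    return triggered

def fake_count(index, body):
    """Offline stand-in for _count: canned hit counts keyed by the query string."""
    q = body["query"]["bool"]["must"]["query_string"]["query"]
    return {'level:ERROR AND message:"login failed"': 7, "message:timeout": 12}.get(q, 0)

if __name__ == "__main__":
    for alert, count in run_alerts(ALERTS, fake_count):
        subject, body = format_email(alert, count)
        print(subject, "->", alert["emails"])
```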