Hi guys,
So I tried to set up a few simple Kibana Alerts combined with a log connector.
I'm running Elastic Stack 7.11 on 3 CentOS 7 servers.
There was no problem in enabling the alerts, but now when I try to create an alert on my Winlogbeat index, I cannot see any of the fields used in the index in the dropdown menu.
I can see various fields from the fortinet filebeat module or panw filebeat module, but there are no winlogbeat.X fields at all available to select. What do I have to do to be able to access them just like any other field?
This is usually because the fields in your index don't meet the criteria for creating an alert. I would double-check the fields in your index and compare them to what fields can be used. Here's one example that includes criteria; there are a few more listed here.
This is the field I want to access in my alerts:
But I cannot find the difference between this one and, for example, the fortinet fields which are available to me.
What alert are you trying to use? The index threshold alerting rule type should support building conditions against numeric fields, like the one you show above. Other alerting rule types may be expecting keywords or text for certain fields.
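One way to check which leaf fields in an index are numeric (and so candidates for an index threshold rule) versus keyword or text is to walk the index mapping. This is an added example, not code from this thread or from Elastic; the mapping below is a constructed stand-in for a Winlogbeat index, and the numeric/keyword/text grouping is an assumption about what the rule types look for, not the documented criteria.

```python
# Added example (not from the thread or Elastic): walk an index mapping
# and group leaf fields by type, so you can see which winlog.* fields
# are numeric before building an index threshold rule. The grouping is
# an assumption about rule criteria; the mapping below is constructed.

NUMERIC_TYPES = {"long", "integer", "short", "byte", "double", "float",
                 "half_float", "scaled_float", "unsigned_long"}

# Constructed fragment in the shape of GET /<index>/_mapping output.
SAMPLE_MAPPING = {
    "winlogbeat-7.11.0": {"mappings": {"properties": {
        "@timestamp": {"type": "date"},
        "message": {"type": "text"},
        "event": {"properties": {"code": {"type": "keyword"},
                                 "sequence": {"type": "long"}}},
        "winlog": {"properties": {
            "event_id": {"type": "keyword"},
            "record_id": {"type": "long"},
            "computer_name": {"type": "keyword"},
            "event_data": {"type": "object", "enabled": False},
        }},
    }}}
}


def leaf_fields(properties, prefix=""):
    """Yield (dotted_name, mapping_type) for every leaf field in a mapping."""
    for name, spec in properties.items():
        path = prefix + name
        if "properties" in spec:          # object with sub-fields: recurse
            yield from leaf_fields(spec["properties"], path + ".")
        else:
            yield path, spec.get("type", "object")


def classify_fields(mapping):
    """Group leaf fields into numeric / keyword / text / other by mapping type."""
    groups = {"numeric": [], "keyword": [], "text": [], "other": []}
    for index_body in mapping.values():
        for path, ftype in leaf_fields(index_body["mappings"]["properties"]):
            if ftype in NUMERIC_TYPES:
                groups["numeric"].append(path)
            elif ftype in ("keyword", "text"):
                groups[ftype].append(path)
            else:
                groups["other"].append(path)
    return {k: sorted(v) for k, v in groups.items()}
```

Feed it the JSON returned by GET /winlogbeat-*/_mapping to see which of your real fields land in the numeric group; fields under an object with "enabled": false have no indexed leaves and will not be offered anywhere.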