We have many indexes, and are consistently adding more to our cluster. We need to know when an index doesn't receive any documents in X number of minutes. For instance, if logs-foo hasn't received any documents in 1 hour, we want an alert to fire. Or if logs-bar hasn't received a document in 1 hour, fire an alert. The issue is we can set a watcher for this for each individual index, but not a generic catch-all. This is not scalable if we have to create a watcher for each index. Is there no way to create a watcher rule that looks at all indexes, and if there has been 0 documents ingested in X minutes in any one index, fire an alert specifying which index has not received documents?
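An added example, not code from this thread, of one watch that covers every index matching a pattern instead of one watch per index: two chained searches aggregate on `_index` over a 24-hour baseline window and a 60-minute recent window, and a Painless transform reports every index that appears in the first set but not the second. The `logs-*` pattern, the `@timestamp` field, both windows, the 10-minute schedule and the logging action are assumptions to adapt.

```json
{
  "trigger": { "schedule": { "interval": "10m" } },
  "input": {
    "chain": {
      "inputs": [
        { "baseline": { "search": { "request": { "indices": ["logs-*"], "body": {
          "size": 0,
          "query": { "range": { "@timestamp": { "gte": "now-24h" } } },
          "aggs": { "by_index": { "terms": { "field": "_index", "size": 1000 } } }
        } } } } },
        { "recent": { "search": { "request": { "indices": ["logs-*"], "body": {
          "size": 0,
          "query": { "range": { "@timestamp": { "gte": "now-60m" } } },
          "aggs": { "by_index": { "terms": { "field": "_index", "size": 1000 } } }
        } } } } }
      ]
    }
  },
  "condition": { "always": {} },
  "transform": {
    "script": {
      "lang": "painless",
      "source": "def recent = new HashSet(); for (def b : ctx.payload.recent.aggregations.by_index.buckets) { recent.add(b.key); } def stale = []; for (def b : ctx.payload.baseline.aggregations.by_index.buckets) { if (!recent.contains(b.key)) { stale.add(b.key); } } return ['stale': stale, 'window_minutes': 60];"
    }
  },
  "actions": {
    "log_stale_indices": {
      "condition": {
        "script": { "lang": "painless", "source": "return ctx.payload.stale.size() > 0;" }
      },
      "logging": {
        "level": "warn",
        "text": "No documents ingested in the last {{ctx.payload.window_minutes}} minutes for: {{ctx.payload.stale}}"
      }
    }
  }
}
```

Register it with `PUT _watcher/watch/<watch-id>` and swap the logging action for the email or webhook action you actually alert with. An index that has been silent for the whole baseline window drops out of `baseline` as well and stops being reported, so size that window to the longest gap you still want to hear about.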