We have many indexes, and are consistently adding more to our cluster. We need to know when an index doesn't receive any documents in X number of minutes. For instance, if logs-foo hasn't received any documents in 1 hour, we want an alert to fire. Or if logs-bar hasn't received a document in 1 hour, fire an alert. The issue is we can set a watcher for this for each individual index, but not a generic catch-all. This is not scalable if we have to create a watcher for each index. Is there no way to create a watcher rule that looks at all indexes, and if there has been 0 documents ingested in X minutes in any one index, fire an alert specifying which index has not received documents?
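One way to get a single catch-all watch, written here as an added example rather than anything from the original post: let the search input aggregate by `_index` over a lookback window and, inside each index bucket, count only the documents newer than the threshold. Any bucket whose inner count is zero is an index that was active recently but has received nothing in the last hour, and the transform collects those index names for the action. This assumes an index pattern of `logs-*`, a `@timestamp` field, a 1 hour threshold, a 24 hour lookback, and a logging action (swap in email or webhook as needed); the watch id, the aggregation names `per_index` and `recent`, and the action name `log_stale` are all made up for the example. Kibana Dev Tools console syntax:

```json
PUT _watcher/watch/stale-log-indices
{
  "metadata": { "stale_after": "1h", "lookback": "24h" },
  "trigger": { "schedule": { "interval": "10m" } },
  "input": {
    "search": {
      "request": {
        "indices": ["logs-*"],
        "body": {
          "size": 0,
          "query": { "range": { "@timestamp": { "gte": "now-24h" } } },
          "aggs": {
            "per_index": {
              "terms": { "field": "_index", "size": 1000 },
              "aggs": {
                "recent": {
                  "filter": { "range": { "@timestamp": { "gte": "now-1h" } } }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "for (b in ctx.payload.aggregations.per_index.buckets) { if (b.recent.doc_count == 0) { return true; } } return false;"
    }
  },
  "transform": {
    "script": {
      "source": "def stale = []; for (b in ctx.payload.aggregations.per_index.buckets) { if (b.recent.doc_count == 0) { stale.add(b.key); } } return ['stale': stale];"
    }
  },
  "actions": {
    "log_stale": {
      "logging": {
        "text": "No documents in the last {{ctx.metadata.stale_after}} for: {{ctx.payload.stale}}"
      }
    }
  }
}
```

Two caveats when using this shape. First, an index only appears in the `per_index` buckets if it has at least one document inside the lookback window, so an index that has been silent for longer than 24 hours drops out of the report after the first day; widen `now-24h` (or add a separate daily watch) if you need to keep seeing long-dead indices, and keep the terms `size` above the number of indices the pattern matches. Second, a watch runs with the privileges of the user who stored it, so create it from an account whose role only has read access on `logs-*` rather than from a superuser.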