I only see the "last" xx days in the option, but I need more than > 90 days old data. Could you please help me with how to set it up? I tried in-dev tools and got the expected result.
{
"_source": ["data.xxxxxx.xxxx.xxxx","@timestamp"],
"query": {
"range": {
"@timestamp": {
"gte": "now-90d"
}
}
}
}
But unable to achieve in alerting part.
Hi! Thanks for writing in. Let me see if I can help. May I ask what version you're on?
I was wondering if your concerns were regarding the actual data still being available in the index, which would relate to ILM or Index LIfecycle Management, with relating docs here:
But, if the problem exists more within the Alert creation, can I confirm if you're using Kibana Alerting to achieve this? If so, which Rule type are you using? Knowing that we can guide you through the creation. Some relating Kibana Alerting docs are linked below, and I hope are helpful:
If you're using a separate system for the alert I'm not sure I'll know how to help within that context. If dev-tools worked, I'm unsure where to go from here, if you can expand on it we can try to help.
Regards
Dear Eric,
thank you for the link. I'm trying to achieve the alerting on Log threshold.
Dear Muthusundar, hi - that helps to know. So, I'm looking at the Log Threshold Rule in Kibana Alerting and I see the dialog that allows me to pick the days I wish to query over.
This is the dialog I see (below), are you seeing the same?
Dear Eric,
Thank you so much. The above condition as 75 for the last 365 days is not working because the count 75 is taken as the record count last 365 days
Thank you
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
