Need to monitor multiple Log sources

Hi All,

I have 200 different log sources which I need to monitor; all of them have different IP addresses. What is the best possible way, if any of the IPs/log sources is not sending logs to ELK, to generate an alert? A watch would be able to identify it, but I don't know how to track the IP which is not sending logs.

Have you looked at this example in the examples repository on GitHub? It seems quite similar to what you are looking for?

Thanks Christian,

This can work for me, but I don't understand how I will define a list of IP addresses which I need to monitor.

This example does not work off a list of IP addresses. It just compares the sources that sent data over the most recent period to the ones that sent data earlier. If a new source is added it will therefore pick this up, and if any source is removed it will alert on that even if it is a planned removal. If you want to compare this to a fixed set of IP addresses you could do this in additional chained steps.
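As an added illustration of the fixed-list variant described above (this is not the example from the GitHub repository, nor code from anyone in this thread), here is a watch body for `PUT _watcher/watch/missing_log_sources` that lists the expected sources in the watch metadata and alerts when any of them has not sent an event in the last 10 minutes. The index pattern `logs-*`, the field `source.ip`, the 10-minute window and the three IP addresses are assumed placeholders to be replaced with your own values.

```json
{
  "trigger": { "schedule": { "interval": "10m" } },
  "metadata": {
    "expected_sources": ["10.0.0.1", "10.0.0.2", "10.0.0.3"]
  },
  "input": {
    "search": {
      "request": {
        "indices": ["logs-*"],
        "body": {
          "size": 0,
          "query": {
            "range": { "@timestamp": { "gte": "now-10m" } }
          },
          "aggs": {
            "sources": {
              "terms": { "field": "source.ip", "size": 500 }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "def seen = new HashSet(); for (b in ctx.payload.aggregations.sources.buckets) { seen.add(b.key); } return ctx.metadata.expected_sources.stream().anyMatch(s -> !seen.contains(s));"
    }
  },
  "transform": {
    "script": {
      "source": "def seen = new HashSet(); for (b in ctx.payload.aggregations.sources.buckets) { seen.add(b.key); } return ['missing': ctx.metadata.expected_sources.stream().filter(s -> !seen.contains(s)).collect(Collectors.toList())];"
    }
  },
  "actions": {
    "log_missing": {
      "logging": {
        "text": "Log sources with no events in the last 10 minutes: {{ctx.payload.missing}}"
      }
    }
  }
}
```

The terms aggregation `size` must be at least the number of sources you expect (500 leaves headroom for 200), otherwise active sources can be dropped from the buckets and falsely reported as missing; swap the `logging` action for an email or webhook action once the watch behaves as intended.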
