Hi, I'm new to Elastic. I'm looking into Beats agents for network interface monitoring: if the interface is up or down. However I don't see any relevant fields that can be used to do this job, I will appreciate any help.
As this functionality is not provided by default in any beats agent, I've created a cronjob:
/usr/sbin/ip link show | grep -v "lo:" | grep state | logger -p notice -t elastic
that logs interface state; Filebeat forwards the logs to Elasticsearch and the alert is created based on the log:
Kibana Query Language:
message : eth* eno* ens* and message : "state DOWN"
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.