Hi everyone,
I have 5 machines that send logs into the test index without Logstash.
My test index is like:
{
  "id" : "Machine_1",
  "services_is_ok" : true,
  "delta" : 60,
  "time" : 1601799912000
},
{
  "id" : "Machine_2",
  "services_is_ok" : true,
  "delta" : 60,
  "time" : 1601799917000
},
{
  "id" : "Machine_3",
  "services_is_ok" : true,
  "delta" : 60,
  "time" : 1601799918000
},
{
  "id" : "Machine_4",
  "services_is_ok" : true,
  "delta" : 60,
  "time" : 1601799920000
},
{
  "id" : "Machine_5",
  "services_is_ok" : true,
  "delta" : 60,
  "time" : 1601799910000
}
Every 60s to 70s, the data of all machines is saved in Elasticsearch.
I want to set an alarm to watch, for example, Machine_4 and fire the alarm when the data of Machine_4 is not received by Elasticsearch.
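
The check the post asks for, written out as an added example (not part of the original post, and not Elastic's own alerting code): a log source that goes quiet is a monitoring gap, so the logic flags any expected machine whose newest document is older than its `delta` plus a grace period. Assumptions: `delta` is in seconds, the 10 s grace comes from the "60s to 70s" interval in the post, and the function names, the query window and the second round of documents are constructed for illustration.

```python
# Added example: heartbeat-gap check for documents shaped like those in the post.
EXPECTED_IDS = ["Machine_1", "Machine_2", "Machine_3", "Machine_4", "Machine_5"]
GRACE_MS = 10_000  # assumption: "every 60s to 70s" means delta plus up to 10 s

# The five documents from the post (trailing commas dropped).
SAMPLE_DOCS = [
    {"id": "Machine_1", "services_is_ok": True, "delta": 60, "time": 1601799912000},
    {"id": "Machine_2", "services_is_ok": True, "delta": 60, "time": 1601799917000},
    {"id": "Machine_3", "services_is_ok": True, "delta": 60, "time": 1601799918000},
    {"id": "Machine_4", "services_is_ok": True, "delta": 60, "time": 1601799920000},
    {"id": "Machine_5", "services_is_ok": True, "delta": 60, "time": 1601799910000},
]

def recent_docs_query(now_ms, window_ms=300_000):
    """Search body for the test index: documents from the last window_ms."""
    return {"size": 1000, "sort": [{"time": "desc"}],
            "query": {"range": {"time": {"gte": now_ms - window_ms}}}}

def silent_machines(docs, now_ms, expected=EXPECTED_IDS, grace_ms=GRACE_MS):
    """Return (id, age_seconds) for each expected machine that is overdue.
    age_seconds is None when the machine has no document at all in docs."""
    latest = {}
    for doc in docs:  # keep only the newest document per machine
        if doc["id"] not in latest or doc["time"] > latest[doc["id"]]["time"]:
            latest[doc["id"]] = doc
    overdue = []
    for machine in expected:
        doc = latest.get(machine)
        if doc is None:  # machine never reported inside the queried window
            overdue.append((machine, None))
            continue
        age_ms = now_ms - doc["time"]
        if age_ms > doc["delta"] * 1000 + grace_ms:  # assumption: delta is in seconds
            overdue.append((machine, age_ms // 1000))
    return overdue

if __name__ == "__main__":
    # Constructed second round: every machine except Machine_4 reports 60 s later.
    round2 = SAMPLE_DOCS + [dict(d, time=d["time"] + 60_000)
                            for d in SAMPLE_DOCS if d["id"] != "Machine_4"]
    print(silent_machines(round2, now_ms=1601800000000))
```

Run on a schedule, the function takes the `_source` of the hits returned for `recent_docs_query` and the current epoch time in milliseconds; any non-empty result is the alarm condition.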