I have elasticsearch, kibana and packetbeat running and I want to get alerts whenever there is abnormal activity with packetbeat information. How do I do it? My elasticsearch, kibana and packetbeat are running on-premesis.
Hey there Joel! 
So what exactly do you mean by abnormal behavior with regards to packetbeat information? Are you just looking for some sort of health-check rules, like if ingest stops or reaches a certain throughput?
If that's the case, you can use some of the Stack Rules to achieve this:
Let me know if that's not the case and I'd be happy to guide you further 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.