we have installed filebeat on aws machines around the world. Sometimes, some machines cannot send out log, is there any want to trigger an email alert when something like that happen?
I think you can research Kibana Alerting: https://www.elastic.co/what-is/kibana-alerting
I don't reckon anything dedicated or embedded together with filebeat.
How we do is
- maintain a list of beats which we intend to send events regularly (or are important) in
beats_mandatoryindex and a gap for heart-beat (eg600s) - Run a query, to ensure the information/heartbeat (or any type of message) has been received from that beat in the above heart-beat gap
- count values by beat, and if it's less than 1 , alert
would look something like below
