Send email alerts if log level == ERROR in more than one index

I have ingested Python logs in Elasticsearch. A sample of my logs is given below.

[2021-10-01 23:54:39,752] [INFO] [run][MainThread] [xxxxxxxxx] [function_name:line no] : updating user request mapping for the request xxxxxxx
[2021-10-01 23:54:50,021] [ERROR] [run][request_thread] [xxxxxxxxx] [function_name:line no] : Exception occurred.

When my logs contain log level == ERROR, I want to send a mail to the pdl with the error and stacktrace.
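
Added example, not part of the original thread: a Python parser for the log layout shown in the post that folds traceback lines into the ERROR record preceding them, so the error and its stack trace end up in one alert body. The field names and the traceback lines in the sample are assumptions; the post shows only the two header lines.

```python
import re

# Header layout taken from the two sample lines in the post. The field
# names (name, thread, request, where) are assumed; the post does not name them.
HEADER = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>[A-Z]+)\] \[(?P<name>[^\]]*)\]"
    r"\[(?P<thread>[^\]]*)\] \[(?P<request>[^\]]*)\] \[(?P<where>[^\]]*)\] : (?P<msg>.*)$"
)

def parse_records(lines):
    """Group raw lines into records; lines without a header (traceback
    lines) are attached to the record that precedes them."""
    records = []
    for line in lines:
        line = line.rstrip("\n")
        m = HEADER.match(line)
        if m:
            rec = m.groupdict()
            rec["trace"] = []
            records.append(rec)
        elif records and line.strip():
            records[-1]["trace"].append(line)
    return records

def error_alerts(lines):
    """Return one alert body per ERROR record, stack trace included."""
    alerts = []
    for rec in parse_records(lines):
        if rec["level"] != "ERROR":
            continue
        body = f'{rec["ts"]} {rec["where"]} ({rec["thread"]}): {rec["msg"]}'
        if rec["trace"]:
            body += "\n" + "\n".join(rec["trace"])
        alerts.append(body)
    return alerts

# Constructed sample: the two lines from the post, an invented traceback,
# and an invented trailing INFO line.
SAMPLE = """\
[2021-10-01 23:54:39,752] [INFO] [run][MainThread] [xxxxxxxxx] [function_name:line no] : updating user request mapping for the request xxxxxxx
[2021-10-01 23:54:50,021] [ERROR] [run][request_thread] [xxxxxxxxx] [function_name:line no] : Exception occurred.
Traceback (most recent call last):
  File "app.py", line 10, in handle
    process(request)
ValueError: bad request
[2021-10-01 23:54:51,100] [INFO] [run][MainThread] [xxxxxxxxx] [function_name:line no] : done
""".splitlines()

if __name__ == "__main__":
    for alert in error_alerts(SAMPLE):
        print(alert)
```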

Hi @Chandrakant_Naik,

This sounds like a great use case for the logs threshold rule: Create a logs threshold rule | Observability Guide [master] | Elastic. You can create this rule and then attach an email action to the rule in order to be notified.


I'm running Kibana on my localhost:5601 and am unable to access alerts; it says you need to enable TLS and I'm unable to do it.

Well, you will either need to enable Security / TLS to use alerts or perhaps use a very small Elastic Cloud instance. The Alerting feature requires Security / TLS to be set up.

I wrote a step-by-step How To to secure a single Elasticsearch / Kibana on a single host; it should take you about 15 minutes.

See Here

Without using the cloud instance, how do I enable Security/TLS on my localhost? Is there any write-up on that? Under the config folder I have the .p12 file and have enabled the following configurations in the Elasticsearch.yml file:

discovery.type: single-node

# Enable security true

# Enable auditing if you want, uncomment
# true

# SSL Settings true elastic-stack-ca.p12 elastic-stack-ca.p12 true certificate elastic-stack-ca.p12 elastic-stack-ca.p12

Post all this, I restarted Elasticsearch; it just got stuck and it gives me the following message -
received plaintext http traffic on an https channel

In the post above I provided a link to a step by step instructions.
