Send email alerts if log level == ERROR in more than one index

I have ingested Python logs in Elasticsearch. A sample of my logs is given below:

[2021-10-01 23:54:39,752] [INFO] [run][MainThread] [xxxxxxxxx] [function_name:line no] : updating user request mapping for the request xxxxxxx
[2021-10-01 23:54:50,021] [ERROR] [run][request_thread] [xxxxxxxxx] [function_name:line no] : Exception occurred.
 stacktrace...
 ......

When my logs contain log level == ERROR, I want to send a mail to the PDL with the error and stacktrace.
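An added example, not code from this thread or from Elastic: it parses the log format shown above, builds the one query that returns ERROR entries across several indices at once, and composes the mail with the stack trace. The field names (level, @timestamp), the index pattern and the mail addresses are assumptions.

```python
import re
from email.message import EmailMessage

# Prefix of the thread's log format; stack-trace lines do not match it.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>[A-Z]+)\] \[(?P<module>[^\]]+)\]"
    r"\[(?P<thread>[^\]]+)\] \[(?P<req>[^\]]+)\] \[(?P<loc>[^\]]+)\] : (?P<msg>.*)$"
)
SAMPLE_LINES = [  # constructed sample in the thread's format
    "[2021-10-01 23:54:39,752] [INFO] [run][MainThread] [req-001] [handle:42] : updating user request mapping",
    "[2021-10-01 23:54:50,021] [ERROR] [run][request_thread] [req-002] [handle:57] : Exception occurred.",
    "Traceback (most recent call last):",
    '  File "run.py", line 57, in handle',
    "ValueError: bad request id",
]

def parse_records(lines):
    """Group raw lines into records; non-matching lines extend the last record's stack trace."""
    records = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            records.append({**m.groupdict(), "stacktrace": []})
        elif records:
            records[-1]["stacktrace"].append(line.strip())
    return records

def error_query(minutes=5, level="ERROR"):
    """Query DSL for ERROR entries in the last N minutes (assumed fields: level, @timestamp).
    Pass index="python-logs-*,app-logs-*" to es.search() to cover several indices at once."""
    return {
        "sort": [{"@timestamp": "desc"}],
        "query": {"bool": {"filter": [
            {"term": {"level": level}},
            {"range": {"@timestamp": {"gte": f"now-{minutes}m"}}},
        ]}},
    }

def build_alert(records, sender="alerts@example.invalid", to="pdl@example.invalid"):
    """One mail listing every ERROR record with its stack trace; None if nothing to send."""
    errors = [r for r in records if r["level"] == "ERROR"]
    if not errors: return None
    msg = EmailMessage()  # addresses above are placeholders
    msg["Subject"] = f"[ALERT] {len(errors)} ERROR log(s) detected"
    msg["From"], msg["To"] = sender, to
    body = []
    for r in errors:
        body.append(f"{r['ts']} {r['module']}/{r['thread']} {r['loc']}: {r['msg']}")
        body.extend("    " + s for s in r["stacktrace"])
    msg.set_content("\n".join(body))
    return msg  # deliver with smtplib.SMTP(host).send_message(msg)
```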

Hi @Chandrakant_Naik,

This sounds like a great use case for the logs threshold rule: Create a logs threshold rule | Observability Guide [master] | Elastic. You can create this rule and then attach an email action to the rule in order to be notified.

Thanks,

I'm running Kibana on my localhost:5601, unable to access alerts; it says you need to enable TLS and I'm unable to do it.

Well, you will either need to enable Security/TLS to use alerts or perhaps use a very small Elastic Cloud instance. The alerting feature requires Security/TLS to be set up.

https://cloud.elasti.co

I wrote a step-by-step How-To to secure a single Elasticsearch / Kibana on a single host; it should take you about 15 minutes.

See Here

Without using the cloud instance, how do I enable Security/TLS on my localhost? Is there any write-up on that? Under the config folder I have the .p12 file and have enabled the following configurations in the elasticsearch.yml file:

discovery.type: single-node

# Enable security
xpack.security.enabled: true

# Enable auditing if you want, uncomment
# xpack.security.audit.enabled: true

# SSL Settings
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-stack-ca.p12
xpack.security.http.ssl.truststore.path: elastic-stack-ca.p12

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-stack-ca.p12
xpack.security.transport.ssl.truststore.path: elastic-stack-ca.p12

After all this, I restarted Elasticsearch; it just got stuck and gives me the following message:
received plaintext http traffic on an https channel

In the post above I provided a link to step-by-step instructions.