How do I stop executing an action if the same hits come again for the matched condition? I.e., I want to send a mail alert if distinct errors come.
I want to scan the log at every 10 min interval, but if the same error occurs after 10 min then I will not send an alert for that.
This is partially addressed here
I think what you are looking for is something like "auto acknowledgement".
I don't know, if a very long throttle time is set (say a day) and the watch triggers, then clears in 1 hour, then triggers in another hour, whether it's still considered inside the original day throttle, or whether the watch clearing resets the throttle time.
If not, some external automation might be necessary to do the acknowledgement.
We use Zabbix for alerting. If I ever get caught up with things, I'd like to integrate watch alerting into our existing Zabbix notification structure. I don't want to reinvent the wheel for our notification system inside Elastic when we already have it.