New to ELK
I'm trying to setup rules for alerting on Kibana. One of them would be "Host Down".
Trying to use the system.uptime.duration.ms metricset to tell me if a Host is down for more than 5 mins.
So far, below image is what I get. I turned off one the hosts and so I should be getting "1 instance has satisfied the condition" instead I'm getting 0. I know I'm missing something rudimentary here, Please help.
Also is there a link where we can view examples for alerting?
Welcome to our community! 
You are only alerting on the last 1 min, as per the timeframe right under the bar graph. Can you change that and see if it helps?
Because if you may not have any matching "down" events in that last minute.
alerting for 1 min has worked too.
The status on the rule changes to recovered after 15 mins or so, enough though I haven't restarted the server or metricbeat. Am I missing something? I need to make this alert ongoing until resolved.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
