Hi, I read on the Elastic blog that we can use threshold rules to detect if a log source has stopped sending in logs to ES, but I am still not sure how to create such a rule. Can anyone help me?
https://github.com/elastic/examples/tree/master/Alerting/Sample%20Watches has a bunch of examples that should help.
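An added example, not part of the posts above or of the linked repository: one way to check for silent log sources with a terms aggregation and a max sub-aggregation, then compare each source's newest event against a silence limit. The field names `host.name` and `@timestamp`, the expected-source list and the sample response are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed field names (ECS-style); adjust to your index mapping.
SOURCE_FIELD = "host.name"
TIME_FIELD = "@timestamp"


def build_last_seen_query(lookback="24h", max_sources=1000):
    """Search body: newest event timestamp per source within the lookback window."""
    return {
        "size": 0,
        "query": {"range": {TIME_FIELD: {"gte": f"now-{lookback}"}}},
        "aggs": {
            "by_source": {
                "terms": {"field": SOURCE_FIELD, "size": max_sources},
                "aggs": {"last_seen": {"max": {"field": TIME_FIELD}}},
            }
        },
    }


def silent_sources(response, expected, now, max_silence):
    """Return {source: last_seen or None} for sources quiet longer than max_silence.

    An expected source with no bucket sent nothing in the whole lookback
    window, so a count-based threshold alone would never see it; it is
    reported here with None.
    """
    last_seen = {
        b["key"]: datetime.fromtimestamp(b["last_seen"]["value"] / 1000, tz=timezone.utc)
        for b in response["aggregations"]["by_source"]["buckets"]
    }
    silent = {}
    for source in sorted(expected):
        seen = last_seen.get(source)
        if seen is None or now - seen > max_silence:
            silent[source] = seen
    return silent


# Constructed sample response (not real data): web-01 is current,
# db-01 is stale, fw-01 has no bucket at all.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_RESPONSE = {"aggregations": {"by_source": {"buckets": [
    {"key": "web-01", "doc_count": 420, "last_seen": {"value": (NOW - timedelta(minutes=2)).timestamp() * 1000}},
    {"key": "db-01", "doc_count": 17, "last_seen": {"value": (NOW - timedelta(hours=3)).timestamp() * 1000}},
]}}}

if __name__ == "__main__":
    found = silent_sources(SAMPLE_RESPONSE, {"web-01", "db-01", "fw-01"}, NOW, timedelta(minutes=15))
    for source, seen in found.items():
        print(source, "last seen:", seen.isoformat() if seen else "not in lookback window")
```

The dictionary returned by `build_last_seen_query` is the body of a normal search request; the comparison against the expected list is what catches a source that has dropped out of the lookback window entirely.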