Using `Group by` in Uptime Alerts

Use Case

As a user, I am using Synthetics (beta) in Elastic Cloud 8.7.0 to monitor the availability of a service on multiple hosts in an agent policy with an Uptime Test using TCP Ping. Synthetics (beta) sees connection failures to the port as expected; however, it doesn't show me which host failed in the alerts, it just shows the location name of the private location.

The Rest of the Story...

I have a service which must be available on multiple servers in a policy (it's not a load-balanced service). I have created an Uptime Test using TCP Ping alert in Synthetics (beta) that shows whether the service is available, and applied it to the policy as a private location, so that it runs on each host and reports back the service status for that host. When I look at the data for the synthetics-* data streams, it shows all the information I need.

My issue is alerting. The alert when the service goes down on a specific host just shows that the alert is down from the location name of the private location that I've assigned to the policy. What I need to be able to do is apply a group by on a field in order to identify that the service is down on a specific host (e.g., group by agent.name, which is available in the synthetics data stream).

A workaround might be to apply a logs-* or metrics-* alias to the synthetics-* indices so that I can leverage those alert rules, but I would prefer to not do this.

Is there another way to accomplish this without creating an alert for each individual host?

I ended up applying an alias to the data stream that allows the logs-* index pattern to pick it up. The easiest way to do this was to add it to the synthetics-*@custom component template, then delete the data stream and allow it to recreate itself. host.name is not included in the fields in the synthetics-* data streams, but agent.name is, so that's what we're using for our Group by.
