Can we create a watcher if the elasticsearch logs have [DEBUG], [ERROR], couldn't create an index, failed to create an index or execute and in kibana if we cant see any logs. If the /var/log/elasticsearch contains these type of errors then I want an alert. Last week, all of sudden kibana did not receive any indices from elasticsearch because elastic search failed to create and did not observe. Checked after 2 hours there are no logs for particular period of time. I resolved the issue but if it happens again how do I get an alert .Is there any other approach? To get an alert we search the indices if the indices are not created then?
for example,
[2018-10-31T14:07:37,343][DEBUG][o.e.a.b.TransportShardBulkAction] [metricbeat-2018.10.31][3] failed to execute ..........