Watcher which tries 2 times before alerting

Dimitri2 · December 29, 2021, 2:10pm

Hello everyone,

I'm new to Elastic and I'm having trouble.

I'm trying to get my Watcher to not return an alert right away but wait a moment to confirm or deny the problem.
So instead of sending an alert directly, I want the Watcher to wait for example 15 minutes then look again and send the alert if the problem persists.

I found this topic that seemed to have the same problem as me but I didn't understand the answer given : Delay watcher trigger time | Heartbeat

Do you have an idea?

Thank you for your help.

Dimitri2 · January 3, 2022, 2:14pm

Hello everyone!

I'm still stuck, can you please help me?

Thank you!

dadoonet · January 5, 2022, 1:16pm

I think you can write the first alert to another index with the timestamp.
Then add a watch on this index and if the number of hits within an 15 minutes period is more than one, send the alert you want.

spinscale · January 5, 2022, 3:32pm

How about refining the way you are querying Elasticsearch? Instead of one query looking back the last 15 minutes, how about creating two queries. The first looks back from now till 15 minutes ago, the second from 15 minutes ago till 30 minutes ago (or whatever time delay you are interested in) and then you check if the problem exists in both queries. If that is the case trigger an alert.

--Alex

Dimitri2 · January 7, 2022, 1:08pm

Hello,

I'll try to do it like this.

Thank you very much for your answers!

system · February 4, 2022, 1:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.