Please suggest the best way of monitoring log sources, If any log source not sending logs more than 5 minutes then how can I get alerted or notified.
for Ex:
if any windows server is not sending logs for more than 5 minutes or if any Firewall log source is not sending logs for more than 5 minutes then i should get and alert.
Have a look at https://github.com/elastic/examples/tree/master/Alerting/Sample%20Watches/system_fails_to_provide_data
HI Warkolm,
Thanks for your Reply,
Its working for me, but as usual i have multiple Indices and i need to monitor them all using single watcher, and i trying to print the message like if {ctx.metadata.watcherui.index} one of the index is not reporting then i should get an alert.
Please let me know how i can monitor all Indices using single watcher.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.