What's your Watcher use case?

alerting

(Patrick Kik) #1

I'm currently exploring Watcher and I very much like the idea of having triggers and actions. But I fail to see any really good use cases.

One often used example is sending an email when there are errors in the indexed application logging. But I could also set up a Kibana dashboard for that. Yes, I know this is only a good alternative during business hours.

For every possible use case for Watcher I come up with, I see a good alternative solution. So I was wondering if there are others with very good Watcher use cases to inspire me to use Watcher in ways I could never imagine.

Just post your ideas about using Watcher and inspire the rest of us.


(Dennis) #2

I'm also new to watcher after implementing ELK stack in our environment. I'm still evaluating watcher right now but for our setup, I can see it being useful.

I'm currently sending Syslog output into ELK (via Logstash forwarders) and we use a third party product to check Syslog logs for issues in our estate. At some point in the future, we'll probably move from syslog and send all our logs direct to logstash (maybe via Redis), removing syslog entirely and replacing it with ES. We still need something that can do what our third party product did, which is why I think watcher has been developed.

We also have a script to interrogate ES for specific data so I may end up using that for pattern matching and emailing.

I'm using Kibana3 and I would be very interested to know how you set up email alerts in your dashboard.


(Steve Kearns) #3

Hi Patrick, this is a question I have heard a number of times, and I'm eager to hear others in the community share their stories. Dennis - thanks for sharing! We see many people using ELK to process and alert on syslog data.

I don't see Watcher as a replacement for Kibana Dashboards, in fact, quite the opposite. Kibana is a wonderful tool for visualizing data, and can help you quickly drill into an issue and sort it out. However, Kibana doesn't have the ability to alert you when something goes wrong. That's where Watcher comes in.

Tomorrow, I'll be tempting the demo gods and doing a live demonstration of Watcher on live Twitter data, and you can see how I use Kibana as a way to make creating a Watch even easier. I'll also talk through some of the advantages of Watcher vs. building your own.

https://www.elastic.co/webinars/watcher-practical-alerting-for-elasticsearch

We'll be recording it and sending it out to anyone who registers.

Thanks,
Steve


(Patrick Kik) #4

Thank you, @dmccuk, for elaborating on your use case. I think the network monitoring use case you describe will be one of the most used use cases.

Thank you, @skearns, for engaging in this discussion. I will watch the webinar (as I do with almost every Elastic webinar). I thought about a Twitter use case myself: watching any sudden rise in negative sentiment about a company or product.


(Dennis) #5

@PatrickKik I didn't get to see the webinar yet but will catch it once it's available. As you mentioned, my particular use case is one of the most common. Could you do a similar webinar or video covering how to use watcher to replicate our syslog scanners and report (via email?) on specific terms including throttling so we don't get regular alerts for the same event?

I'm trying to get watcher to do this right now (as an evaluation) and, following the docs online, I can get an email when my cluster goes yellow (single node), but when I try and apply it to search terms, it doesn't seem to work as I expect and emails are continuous despite adding in throttling.

I'd be happy to share my setup. I'm probably just missing something.

Regards
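A watch of the shape Dennis describes (a search input over log terms, an email action, and a throttle), added here as an example; it is not Dennis's setup and not code from this thread. It assumes a `logstash-*` index with `message` and `@timestamp` fields, an email account already configured for Watcher in elasticsearch.yml, a placeholder address `ops@example.com`, and that the body is sent with `PUT _watcher/watch/syslog_errors` (the API path prefix differs between Watcher versions).

```json
{
  "trigger": {
    "schedule": { "interval": "5m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["logstash-*"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "must": [
                { "match": { "message": "error" } },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "{{ctx.trigger.scheduled_time}}||-5m",
                      "lte": "{{ctx.trigger.scheduled_time}}"
                    }
                  }
                }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 0 } }
  },
  "throttle_period": "30m",
  "actions": {
    "email_ops": {
      "email": {
        "to": "ops@example.com",
        "subject": "[Watcher] {{ctx.payload.hits.total}} syslog lines matched 'error' in the last 5 minutes",
        "body": "Watch {{ctx.watch_id}} fired at {{ctx.execution_time}} with {{ctx.payload.hits.total}} matching lines."
      }
    }
  }
}
```

The range clause is pinned to the trigger's scheduled time so each run only examines the last five minutes, and `throttle_period` keeps the email action from firing again within 30 minutes of its last execution even if the condition stays true on every run.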


(Patrick Kik) #6

@dmccuk, I think you should create a new topic for your question.


(Dennis) #7

I meant for that reply to be directed at @skearns but reading through the watcher posts I may do that.

Thanks.
