Writing watcher alerts back to elastic

blueren · September 20, 2017, 9:14am

Hi,
I'm trying to create watcher alerts for netflow data that I have. At present, by watching the official elastic video on youtube, I understand that once can log the alert on the logfile apart from send out emails / slack notifications etc.

My question is, is it possible to write the alert message back to elasticsearch so that I can maybe build a dashboard over it? I read somewhere that it should be possible, but I'm having difficulty finding the official documentation / tutorials surrounding this. Could someone please point me in the right direction?

Thanks.

warkolm · September 20, 2017, 9:40am

You can! Check out https://www.elastic.co/guide/en/x-pack/5.6/actions-index.html

We may not have a video, but check out the example here https://github.com/elastic/examples/tree/master/Alerting/Sample%20Watches/port_scan

system · October 18, 2017, 9:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.