Hi All,
I have created an alert which will send an alert on a specified index. I have chosen the Elasticsearch query index.
I have used the metricbeat-* index for monitoring system uptime; if a node goes down I will get the alert.
Here is my query:
{
  "query": {
    "bool": {
      "filter": [
        {
          "bool": {
            "must": [
              {
                "term": {
                  "metricset.name": "uptime"
                }
              },
              {
                "range": {
                  "@timestamp": {
                    "gte": "now-15m"
                  }
                }
              }
            ]
          }
        }
      ]
    }
  }
}
Alert screenshots (three images, pic 1 to pic 3, not included in the text)
The alert output will be sent to the index below:
PUT test
{
  "settings": {
    "number_of_shards": 1,
    "number_of_replicas": 0
  },
  "mappings": {
    "properties": {
      "timestamp": { "type": "date" },
      "rule_id": { "type": "text" },
      "rule_name": { "type": "text" },
      "alert_id": { "type": "text" },
      "context_message": { "type": "text" }
    }
  }
}
The result I am getting: the system was down today at 10.43 in the morning, but it is showing 5 in the evening.
How can I correct this?