Hi,
I want to generate a notification if the current events have decreased a 20% since yesterday.
Example:
Sunday: 100 Events
Monday: 60 Events -> Notification
is it possible to define this query?
Yes Looking for a same.
I need to execute the same query last 15 mins and the same time 7 days back. If last 15mins value is greater than 7 days value, it should trigger an alert.
Is it possible?
you can either execute two queries using a chained input and then compare those in the condition or you can execute a single query, that has two range queries (one for each range) and then use the filters aggregation to aggregate for each range.
I am facing issue when chaining the inputs. To add, I am using AWS elasticsearch service and inhouse kibana with sentinl plugin.
My ES index are created daily with index-YYYY.MM.dd format.
Please help!
I am confused here. Are you using watcher or just hoping it is installed?
the AWS elasticsearch service does not ship with alerting, as this is a commercial feature of Elastic. If you want to use it, you need to have a valid license or use Elastic Cloud, the hosted Elasticsearch platform run by us, Elastic.
Can you run GET _xpack/watcher/stats to find out if watcher is really installed?
Hi Spinscale,
Sorry for the confusion.
I am using the sentinl plugin that uses the same feature of xpack. All the plugin configurations are fine. All I am worried is that the query what I wrote is not working with the xpack plugin too.
Can you please help me with some sample queries that can satisfy the case I am doing.
Thanks!
Are you looking for an example of a chained input?
Hi @Narayanan_Sukumar input chain support is coming soon in SENTINL 5.x
2 Likes
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.