Hi,
Very new on this, but we are using Elastich Search in AWS with Kibana. They just released Open Distro with Alerting and I want to create a monitor on a specific field called log-severity and if this reports “error” but when I try I don’t seem to be able to do that? Is it possible to create alerts on text?
Hi Patrik1972,
Can you elaborate more on the use case you have? Do you have something similar to ELK setup where you digest logs into an elasticsearch index? Are you interested in total number of documents for log-severity field with error?
I would start with a DSL term query such as below as part of monitor definition input.
"inputs": [
{
"search": {
"indices": [
"my_log_index"
],
"query": {
"query": {
"term": {
"log-severity": "error"
}
}
}
}
}
]
We have a kubernetes cluster where we send our logfiles to Coudwatch and then to elastic search as json and I would like to trigger a Alert when there are a log event that comes with a “log-severity”: “error”
So I have a index called cwl-2019.04.25 (Or rather cwl* as I want to search all new ones) and I want to search on:
| Name | Type | Format | Searchable | Aggregatable | Excluded | |
|---|---|---|---|---|---|---|
| log-Severity | string | String | ||||
| where result is “error” |
I solved it
{
“query”: {
“term”: {
“log-Severity”: “error”
}
}
}