How to setup an alert which checks for a keyword

vrathore12 · June 16, 2020, 4:58pm

I am trying to add an alert on Kibana. The destination is created but I am not able to understand how to create a monitor to check for this key “setException MongoDB Generic Error” and when the count is greater than 1. trigger alert.

I am selecting this options:

How do you want to define the monitor?: define using a visual graph
index? *
Time field? @timestamp

but I am not getting any field where I can enter the keyword.

Basically I am looking to set a monitor which checks and trigger alert whenever new logs comes which contains setException MongoDB Generic Error in the message

**Kibana version:**6.4.2
filebeat: 6.3.2

ftianli · July 8, 2020, 4:48pm

Hi Vikas,
I think for your use case, you could use select “define using extraction query” to define the monitor, and it’s better for monitoring a text value. And then you could set a trigger if the specific text contains in the message.
About setting the trigger:

You may need to enable the regular expressions in the ES cluster, by setting script.painless.regex.enabled: true in elasticsearch.yml. See here for detail: Painless Examples | Painless Scripting Language [6.8] | Elastic
Your trigger condition might be like this: ctx.results[0].hits.hits[0]._source.error_message =~ /setException MongoDB Generic Error/ .

Tianli

Topic		Replies	Views
Kibana Alerting Setup and Testing Open Source Elasticsearch and Kibana	8	633	February 2, 2021
Trigger Kibana Alert for n number of events Open Source Elasticsearch and Kibana	2	457	June 17, 2020
Custom messages using monitors in Kibana Open Source Elasticsearch and Kibana	2	339	May 27, 2023
Elasticsearch security config Alerting	4	2451	March 26, 2020
Free text search and alerting Alerting	4	1314	August 31, 2020

How to setup an alert which checks for a keyword

Related Topics