Creating Alert Notifications in Elasticsearch: No Logs Alert

Haydar Külekci
2 min read · Jul 11, 2023

Elasticsearch is an excellent tool for building log-related solutions, and in the previous article we built an alert service on top of our logs. If you haven't read it yet, it is worth reading first.

In that article, we created an alert that fires when the number of logs matching a specific condition increases; for example, we receive a Slack notification if the number of errors in the application logs goes up.

Now imagine you have a service that produces logs every minute and you want to track that it is still running. As you know from the previous article, we used the index threshold rule type of the Alerting service.

Our condition there was that the number of nginx errors is above 5, and the service created a notification whenever that condition was met.

For the new criterion, we create another alert rule exactly as in the previous article, changing only the condition part as follows:

In this condition, instead of IS more than 5 we use IS less than 1 for the last 5 minutes. With this rule, a notification is generated if the number of logs within the last 5 minutes is less than 1, that is, if no logs arrived at all.

In this example I did not apply any filter to the logs, but you can add filters so that only specific logs on your indices are counted.
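The same rule expressed as an API call, as an added example that is not part of the original article: the script below builds the body that Kibana's index threshold rule type accepts on `POST /api/alerting/rule` (count of documents in the last 5 minutes IS less than 1, checked every minute), shows the equivalent Elasticsearch count query with a `range` on the timestamp field, and evaluates the condition locally against two constructed sets of log timestamps (one healthy, one where the service went quiet). The index pattern `app-logs-*`, the `@timestamp` field, the Slack connector id placeholder and the `"threshold met"` action group name are assumptions, not values from the article. A rule like this also fires when the log shipper itself stops or is silenced, which is exactly why a "no logs" alert is worth having next to the error-count alert.

```python
"""Build a Kibana index-threshold "no logs" rule and evaluate its condition locally.

Added example; the rule body follows the Kibana 8.x alerting API as the author of
this example understands it. Replace the placeholders before using it.
"""
from datetime import datetime, timedelta, timezone
import json

# Assumed values (not from the article): index pattern, timestamp field, connector id.
INDEX_PATTERN = "app-logs-*"
TIME_FIELD = "@timestamp"
SLACK_CONNECTOR_ID = "<slack-connector-id>"  # placeholder: copy the id from Kibana > Connectors


def build_no_logs_rule(index=INDEX_PATTERN, time_field=TIME_FIELD,
                       window_minutes=5, connector_id=SLACK_CONNECTOR_ID):
    """Return the request body for POST /api/alerting/rule.

    Condition: document count over the last `window_minutes` IS less than 1,
    i.e. nothing was indexed in the window. Checked once per minute.
    """
    return {
        "name": "No logs received",
        "rule_type_id": ".index-threshold",
        "consumer": "alerts",
        "schedule": {"interval": "1m"},
        "params": {
            "index": [index],
            "timeField": time_field,
            "aggType": "count",            # count documents, no aggField needed
            "groupBy": "all",              # one alert for the whole index pattern
            "thresholdComparator": "<",    # "IS less than"
            "threshold": [1],
            "timeWindowSize": window_minutes,
            "timeWindowUnit": "m",
        },
        "actions": [{
            "group": "threshold met",      # assumed action group name of this rule type
            "id": connector_id,
            "params": {"message": "{{rule.name}}: {{context.message}}"},
        }],
    }


def es_count_query(rule):
    """The count query the rule effectively runs: GET <index>/_count with this body."""
    p = rule["params"]
    window = f"now-{p['timeWindowSize']}{p['timeWindowUnit']}"   # Elasticsearch date math
    return {"query": {"range": {p["timeField"]: {"gte": window, "lte": "now"}}}}


COMPARATORS = {
    "<": lambda value, t: value < t[0],
    ">": lambda value, t: value > t[0],
    "<=": lambda value, t: value <= t[0],
    ">=": lambda value, t: value >= t[0],
    "between": lambda value, t: t[0] <= value <= t[1],
}


def count_in_window(timestamps, now, window_minutes):
    """Local stand-in for the range query: documents with gte now-Nm and lte now."""
    start = now - timedelta(minutes=window_minutes)
    return sum(1 for ts in timestamps if start <= ts <= now)


def evaluate(rule, timestamps, now):
    """Return (count, condition_met) the way the rule would judge these timestamps."""
    p = rule["params"]
    count = count_in_window(timestamps, now, p["timeWindowSize"])
    return count, COMPARATORS[p["thresholdComparator"]](count, p["threshold"])


# Constructed sample data: one log per minute (healthy) vs. last log 7 minutes ago (silent).
NOW = datetime(2023, 7, 11, 12, 0, tzinfo=timezone.utc)
HEALTHY = [NOW - timedelta(minutes=m) for m in range(0, 10)]
SILENT = [NOW - timedelta(minutes=m) for m in range(7, 15)]

if __name__ == "__main__":
    rule = build_no_logs_rule()
    print(json.dumps(rule, indent=2))
    print(json.dumps(es_count_query(rule)))
    print("healthy:", evaluate(rule, HEALTHY, NOW))   # (6, False): logs flowing, no alert
    print("silent: ", evaluate(rule, SILENT, NOW))    # (0, True): window empty, alert fires
```

To create the rule, POST the printed body to `<kibana-url>/api/alerting/rule` with a `kbn-xsrf: true` header and credentials that have alerting privileges; the local `evaluate` function only mirrors the comparison so you can sanity-check the comparator and window before the rule goes live.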

Thanks for reading. Don’t forget to applaud and follow me on social media.

https://twitter.com/kulekci
https://github.com/hkulekci

Haydar Külekci

Elastic Certified Engineer - Open to new opportunities & seeking sponsorship for UK/Netherland relocation 🇳🇱🇬🇧 https://www.linkedin.com/in/hkulekci/