I need to set up an alert that will notify me when a given source stops writing. Is this possible in Energy Logserver?
I am currently using the Flatline definition:
threshold: 1
timeframe:
  hours: 1
query_key: logsource
realert:
  hours: 6
use_terms_query: true
doc_type: _doc
alert_text_type: exclude_fields
alert_text: |
  | Alert rule: | {0}
  -----------------------
  | Timestamp: | {1}
  -----------------------
  | Logsource: | {2}
  -----------------------
  | Link: | {3}
alert_text_args: [name, "@timestamp", key, kibana_discover_url]
generate_kibana_discover_url: True
kibana_discover_app_url: https://ipaddress:5601/app/kibana#/discover
kibana_discover_version: '7.3'
kibana_discover_index_pattern_id: bd8b6990-9ebd-11eb-b168-ab3beacbcedb
kibana_discover_columns: [logsource]