I am using logstash, elasticsearch and kibana to analyse my logs. I am alerting via email when a particular string comes into the log via email output in logstash:

    email {
      match => [ "Session Detected", "logline,*Session closed*" ]
      ...........................
    }

This works fine.

Now, I want to alert on the count of a field (when a threshold is crossed). E.g., if user is a field, I want to alert when the number of unique users goes above 5.

Can this be done via the email output in Logstash? Please help.
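
The check asked about above, written out as an added example that is not part of the original post and is not Logstash configuration: count distinct `user` values in a sliding time window and raise one alert each time the count rises above the threshold. The log line layout, the 5-minute window, the sample events and the function names are assumptions made for the illustration.

```python
from collections import deque
from datetime import datetime, timedelta

THRESHOLD = 5                   # alert when distinct users exceed this
WINDOW = timedelta(minutes=5)   # assumed look-back window

# Constructed sample events: "<ISO timestamp> user=<name> <message>"
SAMPLE = [
    "2014-06-01T10:00:00 user=alice Session opened",
    "2014-06-01T10:00:30 user=bob Session opened",
    "2014-06-01T10:01:00 user=carol Session opened",
    "2014-06-01T10:01:30 user=alice Session closed",
    "2014-06-01T10:02:00 user=dave Session opened",
    "2014-06-01T10:02:30 user=erin Session opened",
    "2014-06-01T10:03:00 user=frank Session opened",
    "2014-06-01T10:03:30 user=grace Session opened",
    "2014-06-01T10:20:00 user=alice Session opened",
]

def parse(line):
    """Split a constructed log line into (timestamp, user)."""
    ts, user_kv, _ = line.split(" ", 2)
    return datetime.fromisoformat(ts), user_kv.split("=", 1)[1]

def distinct_user_alerts(lines, threshold=THRESHOLD, window=WINDOW):
    """Return (timestamp, users) for each upward crossing of the threshold.

    Edge-triggered: one alert per crossing, not one per event while the
    count stays above the threshold.
    """
    events = deque()   # (timestamp, user) pairs still inside the window
    counts = {}        # user -> number of that user's events in the window
    alerts, above = [], False
    for line in lines:
        ts, user = parse(line)
        events.append((ts, user))
        counts[user] = counts.get(user, 0) + 1
        # Evict events that have aged out of the window.
        while ts - events[0][0] > window:
            _, old = events.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        now_above = len(counts) > threshold
        if now_above and not above:
            alerts.append((ts, sorted(counts)))
        above = now_above
    return alerts

if __name__ == "__main__":
    for ts, users in distinct_user_alerts(SAMPLE):
        print(f"ALERT {ts.isoformat()}: {len(users)} distinct users: {users}")
```
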