There was another thread on this very recently, and some people are using riemann for this. Take a look in the archives and you can probably find some useful info.
Regards, Mark Walkom Infrastructure Engineer Campaign Monitor email: ma...@campaignmonitor.com web: www.campaignmonitor.com On 2 July 2014 22:53, Joshua Hall <joshuadeanh...@gmail.com> wrote: > I am looking to build a logging solution and wanted to make sure that I am > not missing any key components. > > The logs that I have are currently stored in a database which there is > limited access due to locking risks from bad queries. > > My plan is to have the dba's write the logs from the database tables to a > file on a set interval then have logstash pick up the logs and write it to > elastic search. Then for viewing/searching the logs I will be using > kibana. Everything up to this point I have been able to make a proof of > concept for but the other request was to have alerting. > > I have spent some time looking at this and the general response seems to > be to use percolation, but that seems to only make sense if you want to > send an alert if you receive a single error that matches a query and from > what I have seen there is no way to a threshold alerting system using > percolation. > > My thought to solve the threshold alerting is to create a simple web UI > that allows the user to enter in a query to search for, a threshold, a time > frame, and emails to send the alert to that would get stored in elastic > search. Then an app (Running as a windows service or cron job) that pulls > the alerts and then runs the queries and checks the time-frame and > threshold (Would run on some interval). If the count surpasses the > threshold then it would send an email to values stored in the email > addresses. > > I know that SPM seems to cover this and move but we are currently looking > to see if we can do this without buying another product. > > Is this the correct approach to take or should I be looking at doing > something else? > > -- > You received this message because you are subscribed to the Google Groups > "elasticsearch" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to elasticsearch+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/elasticsearch/ce1cb3cc-e974-4b3b-8568-a2afaaae6c00%40googlegroups.com > <https://groups.google.com/d/msgid/elasticsearch/ce1cb3cc-e974-4b3b-8568-a2afaaae6c00%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEM624Z2f%3DD9H1LfWX98oTNNJia2R1-NEwkpiEtZ63FiKrOmGA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
