Logs alert creation #19

mukeshelastic · 2020-03-23T14:37:54Z

Summary of the problem

As an observability user persona, I'd like to create alerts for following use cases:

When the count of (ECS.field = value) > static threshold within last X time unit then send a slack message that contains document.field value

Alert definition UI

When count of <ecs.field = value> is greater than integer within last 5 minutes

When the count of ( message contains ) crosses a static threshold within the last X time unit then send me a message

Alert definition UI

When the count of ( ecs.field contains ) is greater than an integer threshold in last five minutes

document message contains a specific log pattern AND/NOT other log patterns in the same document then send a message

Alert definition UI

When the ecs.field contains , AND ecs.field does not contain <text pattern 3> in last five minutes

(Stretch Goal) the count of ( message contains text pattern) for each bucket represented by a unique value in specific ecs.field, goes beyond a static threshold

Alert definition UI

When the count of( ecs.field contains <text pattern 1>, ) group by ecs.field is greater than integer threshold in last five minutes

(Stretch Goal) Creating alerts from anomaly explorer tabular information

elasticmachine · 2020-03-23T14:37:56Z

Pinging @elastic/observability-design (design)

katrin-freihofner · 2020-03-30T11:24:58Z

katrin-freihofner · 2020-04-03T12:26:02Z

The alert conditions have been changed to the following:

mukeshelastic added the design For design issues label Mar 23, 2020

katrin-freihofner self-assigned this Mar 23, 2020

katrin-freihofner added [zube]: Inbox [zube]: Backlog [zube]: Ready [zube]: In Progress [zube]: In Review and removed [zube]: Inbox [zube]: Backlog [zube]: Ready [zube]: In Progress labels Mar 23, 2020

katrin-freihofner closed this as completed Mar 30, 2020

katrin-freihofner added [zube]: Done and removed [zube]: In Review labels Mar 30, 2020

katrin-freihofner reopened this Mar 30, 2020

zube bot added [zube]: Inbox and removed [zube]: Done labels Mar 30, 2020

katrin-freihofner mentioned this issue Mar 30, 2020

[Logs UI alerting] Creating a new alert elastic/kibana#61493

Closed

katrin-freihofner added [zube]: In Review and removed [zube]: Inbox labels Mar 30, 2020

katrin-freihofner closed this as completed Mar 31, 2020

katrin-freihofner added [zube]: Done and removed [zube]: In Review labels Mar 31, 2020

katrin-freihofner reopened this Apr 3, 2020

zube bot added [zube]: Inbox and removed [zube]: Done labels Apr 3, 2020

katrin-freihofner closed this as completed Apr 3, 2020

zube bot added [zube]: Done and removed [zube]: Inbox labels Apr 3, 2020

formgeist removed the [zube]: Done label May 26, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Logs alert creation #19

Logs alert creation #19

mukeshelastic commented Mar 23, 2020 •

edited

Loading

elasticmachine commented Mar 23, 2020

katrin-freihofner commented Mar 30, 2020

katrin-freihofner commented Apr 3, 2020

Logs alert creation #19

Logs alert creation #19

Comments

mukeshelastic commented Mar 23, 2020 • edited Loading

elasticmachine commented Mar 23, 2020

katrin-freihofner commented Mar 30, 2020

katrin-freihofner commented Apr 3, 2020

mukeshelastic commented Mar 23, 2020 •

edited

Loading