Alert Filter #85

Closed
wants to merge 10 commits into
base: master
from

jpyth commented Jul 15, 2014

A new filter that alerts based on thresholds. Generates a single alert(event) if a threshold is exceeded or not met within a given time period. This can be used to generate an email or other form of escalation/tracking.

Example:

    if [response] == "404" {
      alert {
        max_threshold => 10
        max_threshold_msg => '404 Alert'
        period => 300
        key => "404-Alert"
      }
    }

Or

    if [response] == "200" {
      alert {
        min_threshold => 10
        min_threshold_msg => 'No Traffic to site'
        period => 300
        key => "202-Alert"
      }
    }

There is also a 'heartbeat' option to let the filter run and only check key/expire time. This lets you alert on a min_threshold even if the given event has not occurred -- without it, you'd only get an alert after the 'next' time you see the log entry and the min_threshold was missed. Here is a more detailed overview of it: http://dopey.io/logstash-filter-alert.html
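
The threshold and heartbeat behaviour described in the pull request above, as an added Ruby example that is not the pull request's own code. The class name `ThresholdWindow`, the per-key window semantics, and the sample events are assumptions made for illustration.

```ruby
# Added illustration, not the code from this pull request.
# Assumed semantics: events are counted per key in a window of `period` seconds;
# one max alert per window; a min alert when a window expires with too few events.
class ThresholdWindow
  def initialize(period:, max_threshold: nil, min_threshold: nil)
    @period, @max, @min = period, max_threshold, min_threshold
    @windows = {} # key => { start:, count:, alerted: }
  end

  # Called for every matching event; returns the alerts it produced.
  def event(key, now)
    alerts = expire(key, now)
    w = (@windows[key] ||= { start: now, count: 0, alerted: false })
    w[:count] += 1
    if @max && w[:count] > @max && !w[:alerted]
      w[:alerted] = true
      alerts << "#{key}: max_threshold exceeded (#{w[:count]} > #{@max})"
    end
    alerts
  end

  # Timer-driven 'heartbeat': checks window expiry only, counts nothing.
  def heartbeat(now)
    @windows.keys.flat_map { |key| expire(key, now) }
  end

  private
  # Close an elapsed window and report a missed min_threshold.
  def expire(key, now)
    w = @windows[key]
    return [] unless w && now - w[:start] >= @period
    @windows.delete(key)
    @min && w[:count] < @min ? ["#{key}: min_threshold not met (#{w[:count]} < #{@min})"] : []
  end
end

# Constructed sample: twelve 404 events one second apart, max_threshold 10.
def demo_max
  f = ThresholdWindow.new(period: 300, max_threshold: 10)
  (0...12).flat_map { |t| f.event("404-Alert", t) }
end

# Constructed sample: three events, then silence until t=900; returns when the min alert fires.
def demo_min(use_heartbeat)
  f = ThresholdWindow.new(period: 300, min_threshold: 10)
  3.times { |t| f.event("200-Alert", t) }
  ticks = use_heartbeat ? (60..840).step(60).to_a : []
  ticks.find { |t| f.heartbeat(t).any? } || (900 if f.event("200-Alert", 900).any?)
end
```

With a 60-second heartbeat the missed minimum is reported when the window closes; without it, the report waits for the next matching event.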

darkwarriors commented Aug 20, 2014

+1 for this pull, because it could be very useful for those who, like me, try to index Apache events and would like to know if a web server crashed (it didn't send logs within a time period) or it gets a huge amount of 404s. Hope this will merge soon.

danpopp commented Nov 15, 2014

Yes. Make it so Number 1.

Engage!

DevBOFH commented Jul 16, 2015

+1. Any updates on this?

@untergeek untergeek closed this Jun 29, 2016
