A new filter that alerts based on thresholds. Generates a single alert(event) if a threshold is exceeded or not met within a given time period. This can be used to generate an email or other form of escalation/tracking.
There is also a 'heartbeat' option to let the filter run and only check key/expire time. This lets you alert on a min_threshold even if the given event has not occurred -- Without it, you'd only get an alert after the 'next' time you see the log entry and the min_threshold was missed. Here is a more detailed overview of it, http://dopey.io/logstash-filter-alert.html