Sasha
Reputation: 1411
Bosun + Logstash - how to configure alert?
Trying to configure alerts based on logstash query
Here is my simplified config:
logstashElasticHosts = http://<url>:9200
alert logstash.errorrate.exceeds1 {
template = generic
$notes = "The rate of errors in 5 sec exceeds 1."
$lastday = lscount("prod", "level:ERROR", "level:ERROR", "5s", "10m", "")
$lastDayMax = max($lastday)
warn = $lastDayMax > 1
warnNotification = email
}
And I'm recieving neither normal nor warning result while testing alert on bosun/config page:
criticals: 0, warnings: 0, normals: 0, errors: 0
So what am I doing wrong? (Elastic works ok. I've checked with Kibana UI.)
Upvotes: 1
Views: 870
Answers (1)
Sasha
Reputation: 1411
The issue was in keyString/filterString case. It's strange but while the level logged as ERROR (in upper case), the query works only in lower case: "level:error" but not "level:ERROR".
Upvotes: 2
Related Questions
- Bosun fails to send alert
- Email alert with Logstash
- Logstash email alerts
- Using bosun for alerting on influxdb events
- How to modify a message in Log4J 2?
- Filtering messages out of logstash.conf
- Any way to set alerts if logstash is not sending data
- Including multiple messages in a Logstash output email
- Logstash - grok use a field other than message
- Logstash - can an alert be setup based on a filter