Reputation: 392
Find Missing Logs with ELK
I've just deployed ELK in an attempt to see if it can be used for monitoring logs and alerting about issues.
What I need to be able to detect is mostly missing records: Say a log record was received, saying a user is about to make some sort of request. I then expect to see the log record saying the request has been made.
If the second record was not received within X seconds from the arrival of the first, then something is wrong, and I want to alert about it.
Any ideas how to achieve that?
Upvotes: 1
Views: 1452
Answers (1)
Reputation: 16362
I have used the elapsed{} filter to do something similar. With it, you declare the first event and the "matching" event. If the matching event doesn't appear within a period of time, it will generate an "expired event" that you could check for.
Upvotes: 1
Related Questions
- Python Logs to Logstash(ELK) issue
- Collect stdout/stderr logs with sidecar container
- Creating SEIM Dashboard for AWS logs using ELK Stack
- Kibana Not Showing Any Logs (ELK Stack)
- Analyze, anaomaly detection and alert after logs analysis - ELK
- How do I group logs in Kibana/Logstash?
- Linux ELK server reading cloudtrail logs - troubleshooting issues
- Elastic goes down
- ELK stack pulling in older logs