Identicon
Reputation: 1
How to Create Email Alerts for Tracking Untracked Hosts on Kibana?
I have a dynamic file called known_hosts present on remote server that contains a list of all known hosts, which is updated daily using a cron job. The data from each host is sent to Logstash every 5 minutes using another cron job. Now, I want to compare the list of hosts present on Kibana with the hosts listed in the known_hosts file. I need to send an email alert listing the hosts present in known_hosts but not on Kibana.
I know I can use watchers on Kibana for this purpose but how should I compare the values present on host_list and output of Kibana query.
{
"trigger": {
"schedule": {
"interval": "5m" // should it be every 5 mins or per day , as known_host file updates each 24 hrs but data is send to kibana from hosts every 5 mins
}
},
"input": {
"search": {
"request": {
"body": {
"size": 0,
"query": {
// my query
}
},
"indices": [
"my_index_*"
]
}
}
},
"condition": {
"compare": {
// how should I compare the output of input query with known_host file.
}
},
"actions": {
// email alert
}
}
How can I achieve this? Any suggestions or code examples would be greatly appreciated. Thank you!
Upvotes: 0
Views: 27
Answers (0)
Related Questions
- grok script for writing to logstash and rendering in Kibana
- How to parse data from S3 using Logstash and push to Elastic Search and then to Kibana
- Kibana not sending alert on new data
- Kibana dont create, the indice of my data
- Logstash email alerts dynamically from multiple log files
- Logstash email alerts
- Parse Multiline JSON with Arrays using grok in logstash
- Not getting each error email alert from logstash 1.5.4
- Find the top 5 hosts being denied by the firewall in Kibana + Elasticsearch + Logstash
- How can I integrate Tomcat6's catalina.out file with Logstash + ElasticSearch + Kibana?