Slide 15
Usages: Ad Hoc Query Alerts
/** Set up ad hoc alerting based on what you use to locate messages in kibana.
*
* item_name - a short name. Examples: elastic_search.syslog.sum.5min.int and elastic_search.syslog.sum.5min.string
* query - the search terms you are using
* threshold - number of hits in the last frequency of minutes
* type - the type of message either 'gelf' or 'syslog'. php messages are gelf and logstash messages are syslog
*/
/** Set up ad hoc facet query alerting based on what you use to locate messages in kibana.
*
* item_name - a short name. Examples: elastic_search.syslog.sum.5min.int and elastic_search.syslog.sum.5min.string
* query - the search terms you are using
* short_name - added to the item name to distinguish multiple items from multiple queries that you want in the same email
* threshold - number of hits in the last frequency of minutes
* type - the type of message either 'gelf' or 'syslog'. php messages are gelf and logstash messages are syslog
* facet - the field you want to facet on
* recipients - the email(s)
* template - the name of the zabbix template you'd like these items in
* additional_fields - if you need to see detail on fields other than the facet field in the email you can add them here.
* additional_facet_fields - if you need to see all values of another field that this error contains, for example all the hosts an error is on
* latest_timestamp_within - will check that the latest timestamp is within this window before including any hits in the email
* window - defaults to frequency. This is the number of minutes to search.
* email_subject - the subject to appear in the email
* es_host_array - an array of es_hosts to query
*/
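The following is an added example, not code from the slides or the project they describe: it shows how the facet query parameters above (query, window, facet, threshold, latest_timestamp_within) combine into an Elasticsearch request and a send/no-send decision. The helper names, the "@timestamp" field and the sample hits are assumptions made for the example.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

def build_es_body(query, window, facet, now):
    """Query body (hypothetical helper): the Kibana search terms limited to the
    last `window` minutes, with a terms aggregation on the facet field."""
    since = (now - timedelta(minutes=window)).isoformat()
    return {
        "size": 0,
        "query": {"bool": {
            "must": [{"query_string": {"query": query}}],
            "filter": [{"range": {"@timestamp": {"gte": since}}}]}},
        "aggs": {"by_facet": {"terms": {"field": facet}}},
    }

def evaluate_alert(hits, threshold, facet, latest_timestamp_within, window, now):
    """Return (send_email, per-facet counts) for one facet query alert.

    Assumed semantics from the slide: hits outside `window` minutes are ignored,
    the count must reach `threshold`, and if the newest hit is older than
    `latest_timestamp_within` minutes the error is stale and is not emailed.
    """
    window_start = now - timedelta(minutes=window)
    recent = [h for h in hits if h["@timestamp"] >= window_start]
    counts = Counter(h.get(facet, "<missing>") for h in recent)
    if sum(counts.values()) < threshold:
        return False, counts
    newest = max(h["@timestamp"] for h in recent)
    if now - newest > timedelta(minutes=latest_timestamp_within):
        return False, counts
    return True, counts

# Constructed sample data (not from the slide): one PHP error seen on two hosts.
NOW = datetime(2014, 6, 1, 12, 0, tzinfo=timezone.utc)
def _ago(minutes):
    return NOW - timedelta(minutes=minutes)
SAMPLE_HITS = [
    {"@timestamp": _ago(1), "host": "web01", "message": "PHP Fatal error"},
    {"@timestamp": _ago(2), "host": "web01", "message": "PHP Fatal error"},
    {"@timestamp": _ago(3), "host": "web02", "message": "PHP Fatal error"},
    {"@timestamp": _ago(4), "host": "web01", "message": "PHP Fatal error"},
    {"@timestamp": _ago(4), "host": "web02", "message": "PHP Fatal error"},
    {"@timestamp": _ago(30), "host": "web03", "message": "PHP Fatal error"},  # outside window
]

if __name__ == "__main__":
    send, counts = evaluate_alert(SAMPLE_HITS, threshold=3, facet="host",
                                  latest_timestamp_within=2, window=5, now=NOW)
    print("send email:", send, dict(counts))
```

With the sample data the alert fires (5 hits in the last 5 minutes, newest 1 minute old); dropping the two newest hits makes the newest 3 minutes old, which fails the latest_timestamp_within check even though the count still reaches the threshold.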