Hi David, I have the same request but, as a new user of ES, I'm interested to know why the alerting process should be moved to the Logstash layer.
I'm thinking (on a whiteboard for now) about a Logstash layer (Log->ES) followed by an ES layer (index + alerting). I thought of building requests via the percolate API to be able to centralize the alerting process instead of spanning the same "rules" on any Logstash layer. Is it so much heavier in terms of CPU/IO/... on the ES layer side that you prefer to move this to the Logstash layer? Or is it for other reasons?

Thanks in advance.

Christophe
