We use Nagios for alerting. I originally was using the nsca output plugin for logstash, but found that it took close to a second to execute the command line nsca client, and if we got flooded with alert messages, logstash would fall behind. I've since switched to use the http output and send json to the nagios-api server (https://github.com/zorkian/nagios-api). That seems to scale a lot better.
We do also have metrics sent from logstash to statsd/graphite, but mostly so I can see message rates.

mike

On Monday, June 23, 2014 4:50:22 AM UTC-4, Siddharth Trikha wrote:
>
> We are using the `ELK stack (logstash, elasticsearch, kibana)` to analyze
> our logs. So far, so good.
>
> But now we want notification generation on some particular kinds of logs.
> E.g., when login-failed logs come in more than 5 times (threshold crossed), an
> email is to be sent to the sysadmin.
>
> I looked up online and heard about `statsd`, `riemann`, `nagios`, and the `metric`
> filter (logstash) to achieve our requirement.
>
> Can anyone suggest which fits best with the ELK stack? I am new to this.
> Thanks
>
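Added example, not part of the thread and not code from logstash or nagios-api: a sliding-window check for the "more than 5 failed logins" case that builds the JSON body for a passive check result and alerts once per crossing, so a burst of failures does not flood Nagios. The event field names, the 5-minute window, the `failed_logins` service name, and the payload fields (assumed to match nagios-api's `submit_result`) are assumptions.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events shaped like parsed logstash output (field names assumed).
EVENTS = [
    {"@timestamp": f"2014-06-23T08:50:{s:02d}", "host": "web01", "action": "login_failed"}
    for s in range(0, 56, 8)          # 7 failures within one minute
] + [
    {"@timestamp": f"2014-06-23T08:{m:02d}:00", "host": "db01", "action": "login_failed"}
    for m in range(0, 60, 10)         # 6 failures, but 10 minutes apart
] + [{"@timestamp": "2014-06-23T08:50:30", "host": "web01", "action": "login_ok"}]


def failed_login_alerts(events, threshold=5, window=timedelta(minutes=5)):
    """Return one passive-check payload each time a host exceeds `threshold`
    failed logins inside a sliding `window` (window length is an assumption)."""
    recent = defaultdict(deque)   # host -> timestamps of failures still in the window
    alerting = set()              # hosts already alerted, to avoid flooding Nagios
    alerts = []
    for ev in sorted(events, key=lambda e: e["@timestamp"]):
        if ev.get("action") != "login_failed":
            continue
        host, ts = ev["host"], datetime.fromisoformat(ev["@timestamp"])
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:         # drop failures older than the window
            q.popleft()
        if len(q) <= threshold:
            alerting.discard(host)        # back under the threshold: re-arm
        elif host not in alerting:
            alerting.add(host)
            alerts.append({               # field names assumed from nagios-api submit_result
                "host": host,
                "service": "failed_logins",   # hypothetical passive service name
                "status": 2,                  # Nagios CRITICAL
                "output": f"{len(q)} failed logins in {window}",
            })
    return alerts


if __name__ == "__main__":
    for payload in failed_login_alerts(EVENTS):
        print(json.dumps(payload))        # body to POST to the nagios-api server
```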
