As Mark says, there's nothing built in. Approaches that I've read about for bolting alerting onto ELK:
1) Use Logstash to output to some other alerting pipeline, such as email, Nagios, or Riemann.

2) Write a cron job / scheduled task to run Elasticsearch queries periodically and take action based on the results. This is not part of Logstash or Kibana; you need to write it yourself. I believe the MozDef project has some code to do this: https://github.com/jeffbryner/MozDef.

3) Write your own indexer that makes use of Elasticsearch percolators. Percolators allow you to match indexed queries against new indexed documents, which is kind of like alerting. Again, you'd need to write it yourself.

On Friday, November 7, 2014 9:48:41 AM UTC-7, Wish wrote:
>
> I am new to the ELK stack. I guess I understand ELK can be used for log
> management. You can view the details on a dashboard using Kibana etc.
>
> However, one question: can we have an alerting system as an extension of
> the ELK stack?
>
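One way to implement approach 2 above, as an added example that is not from this thread or from MozDef: a script meant to be run from cron that counts recent matches for a rule via Elasticsearch's `_count` API and reports when a threshold is exceeded. It assumes Elasticsearch at `localhost:9200`, Logstash's `logstash-*` index pattern, and the `bool`/`filter` query syntax of Elasticsearch 2.x and later; the rule itself is a constructed sample.

```python
import json
import urllib.request

ES_URL = "http://localhost:9200"  # assumption: Elasticsearch reachable locally
INDEX = "logstash-*"              # assumption: Logstash's default daily indices

# Constructed sample rule: fire when sshd logs more than 20 failed logins in 5 minutes.
RULE = {
    "name": "ssh-failed-logins",
    "match": 'program:sshd AND message:"Failed password"',
    "window_minutes": 5,
    "threshold": 20,
}

def build_count_query(rule):
    """Body for the _count API: a query_string match restricted to the rule's
    time window by a range filter on @timestamp (bool/filter syntax, ES 2.x+)."""
    window = "now-%dm" % rule["window_minutes"]
    return {"query": {"bool": {
        "must": [{"query_string": {"query": rule["match"]}}],
        "filter": [{"range": {"@timestamp": {"gte": window}}}],
    }}}

def http_count(body):
    """POST the body to Elasticsearch's _count endpoint and return the parsed JSON."""
    req = urllib.request.Request(
        "%s/%s/_count" % (ES_URL, INDEX),
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def evaluate_rule(rule, fetch=http_count):
    """Run one rule; `fetch` is injectable so the logic runs without a cluster."""
    count = int(fetch(build_count_query(rule))["count"])
    return count > rule["threshold"], count

def alert_message(rule, count):
    return "ALERT %s: %d matches in last %d min (threshold %d)" % (
        rule["name"], count, rule["window_minutes"], rule["threshold"])

if __name__ == "__main__":
    # cron mails anything written to stdout by default; swap in email/Nagios here.
    fired, count = evaluate_rule(RULE)
    if fired:
        print(alert_message(RULE, count))
```

Run it every few minutes from cron; the window should be at least as long as the cron interval so no events fall between runs.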
