
I use EFK (Elastic, Fluentd, Kibana) to analyse my servers' logs. I want it to send me a notification if a special condition happens (for example, the logs are abnormal).

I found it is called watching or alerting in Kibana and Elastic, but as I use the basic mode of Elastic on my server and I don't have a license, I can't use it.

Is there any way to enable it, or maybe another useful tool for this job?

Thanks

smh
  • Which version are you using? In the last one, 7.7, the Kibana Alerting feature has some free actions, such as indexing the alert in another index. You can use it in combination with a custom Python script, which will query this index and trigger what you need, or with a tool like [elastalert](https://github.com/Yelp/elastalert). – leandrojmp May 23 '20 at 13:47
  • @leandrojmp I use version 7.7. Thanks for your suggestion, I'll search for elastalert right now. May I ask you what the free feature you mentioned is called? Do you have a reference with more details about it and how I can start using it in combination with a script? – smh May 26 '20 at 04:07
  • Take a look at the [documentation](https://www.elastic.co/guide/en/kibana/7.x/alerting-getting-started.html), it explains how to use it. – leandrojmp May 26 '20 at 12:33
  • You made my day @leandrojmp – smh May 27 '20 at 04:58

1 Answer


I found these 2 tools useful:

  1. Elastalert (Python based)
  2. OpenDistro

Now I have started using Elastalert for my job.

smh
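Following leandrojmp's comment (index the alert with Kibana's free index action, then let a custom script query that index and trigger a notification), here is an added example of such a poller in Python; it is not code from the question, the answer or Elastic. The index name `alerts-idx`, the document fields `@timestamp`, `alertName` and `message`, and an unauthenticated Elasticsearch on localhost are assumptions.

```python
import json
import urllib.request

# Assumptions (not from the thread): Kibana's index action writes each alert into
# "alerts-idx" with "@timestamp", "alertName" and "message" fields, all timestamps
# share one ISO-8601 format, and Elasticsearch on localhost needs no auth.
ES_URL = "http://localhost:9200"
ALERT_INDEX = "alerts-idx"

def build_query(since_iso, size=100):
    """Range query for alert docs newer than the watermark, oldest first."""
    return {
        "size": size,
        "sort": [{"@timestamp": "asc"}],
        "query": {"range": {"@timestamp": {"gt": since_iso}}},
    }

def fetch_hits(query, es_url=ES_URL, index=ALERT_INDEX):
    """POST the query to Elasticsearch and return the raw hits list."""
    req = urllib.request.Request(
        f"{es_url}/{index}/_search",
        data=json.dumps(query).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["hits"]["hits"]

def collect_new_alerts(hits, since_iso):
    """Format hits as notification lines; return (messages, new_watermark).
    Persist the watermark between runs so a restart never re-notifies a doc."""
    messages, watermark = [], since_iso
    for hit in hits:
        src = hit["_source"]
        ts = src.get("@timestamp")
        if not ts or ts <= watermark:  # skip docs at/before the watermark
            continue
        messages.append(f"[{ts}] {src.get('alertName', '?')}: {src.get('message', '')}")
        watermark = ts
    return messages, watermark

def poll_once(since_iso, fetch=fetch_hits):
    # `fetch` is injectable so the cycle can be exercised offline.
    return collect_new_alerts(fetch(build_query(since_iso)), since_iso)

if __name__ == "__main__":
    # Constructed sample hits standing in for an Elasticsearch response.
    sample = [
        {"_source": {"@timestamp": "2020-05-27T04:00:00Z", "alertName": "cpu", "message": "load > 4"}},
        {"_source": {"@timestamp": "2020-05-27T04:05:00Z", "alertName": "disk", "message": "/ 95% full"}},
    ]
    msgs, mark = poll_once("2020-05-27T03:59:00Z", fetch=lambda q: sample)
    print("\n".join(msgs), "\nnext watermark:", mark)  # hook real delivery (mail, chat) here
```

Run it from cron or a loop with the watermark stored on disk; the real `fetch_hits` is used when no `fetch` argument is given.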