Hello! I’m working with Kibana and I need to know if something I need can be done.
I’m creating alerts from the system, and as I can see I only can create on single filter
I would need somewho to get this done:
Get an alarm raised when an error 503 appears in the logs 3 or more times, in a proper field (for this example: http_status_code field is 503). BUT if I do this, I get lots of false alarms, because this error can come from various “hosts” defined in other field called “host”.
I can set the trigger to raise and alarm when 3 or more 503 errors appear in the logs, but I need the system to separate the host when an error appears.
Example:
For the last 5 minutes I get logs from two hosts with this information:
Host:number 1
http_status_code: 503
Host:number 1
http_status_code: 503
Host:number two
http_status_code: 503
Host:number two
http_status_code: 503
Now I will get an alarm, becasuse I got 4 errors 503, but I don’t want that, because I only want the alarm to rise when I get this error 3 or more times in THE SAME host.
Can this be done somehow?
Any help?
Thanks in advance.