Hello,
I am setting up a monitor and alerting trigger for a log message to match on, and here is a screenshot of what I have.
Does this mean that when I run this it worked, or how do I tell that this worked? The destination is set up in AWS SNS.
Any help appreciated.
Thanks,
Freddie2020
The extraction query response shows 0 hits: the query string was not found in the logs. You can run the query in Dev Tools and see what is found.
1 Like
@mmamaenko
Hi
I tried the query in Dev Tools but it gives a failure: Syntax error.
Any ideas on how to fix this issue?
Thanks, Freddie2020
Looks like you need to put the request into Dev Tools on the line before the JSON, something like GET {your index}/_search,
with the JSON on the next line.
1 Like
Hello @searchymcsearchface
I ran like you said and it produced the output here:
Any ideas how to get the query to match? As you can see, it is in the log for that index.
Any info appreciated.
Thanks, Freddie 2020
GET filebeat-k8sxxxx/_search
{
  "query": {
    "match_phrase": {
      "message": "Connection to Mongo has failed"
    }
  }
}
1 Like
@mmamaenko
So that worked.
Now, what do I put into my query for the monitor and trigger to occur?
Any help appreciated.
Thanks, Freddie 2020
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "message": {
              "query": "Connection to Mongo has failed",
              "operator": "OR",
              "prefix_length": 0,
              "max_expansions": 50,
              "fuzzy_transpositions": true,
              "lenient": false,
              "zero_terms_query": "NONE",
              "auto_generate_synonyms_phrase_query": true,
              "boost": 1
            }
          }
        },
        {
          "range": {
            "time": {
              "from": "{{period_end}}||-1m",
              "to": "{{period_end}}",
              "include_lower": true,
              "include_upper": true,
              "format": "epoch_millis",
              "boost": 1
            }
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1
    }
  }
}
Adjust the time range on the "from" line ("{{period_end}}||-1m") as needed.
1 Like
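The pieces of the thread put together as one added example (not code from the thread or from the Alerting plugin): it builds the whole monitor body around the extraction query, renders the Dev Tools form of the search so the phrase can be checked first, converts the {{period_end}} window into concrete epoch millis for that check, and reads a dry-run response to tell whether the query hit, which is the "0 hits" situation from the first reply. It assumes the OpenSearch Alerting monitor and _execute document shapes as documented for the plugin, the index pattern filebeat-k8sxxxx and the "time" field from the thread, and a placeholder SNS destination id; the sample dry-run response is constructed. It uses match_phrase rather than a match with operator OR, so a line containing only "Connection" or "failed" does not fire the trigger.

```python
"""Build an OpenSearch Alerting monitor for a log phrase and check its dry run.

Constructed example, not code from the thread.  Assumed: the Alerting plugin's
monitor and _execute document shapes, index pattern filebeat-k8sxxxx, a
timestamp field named "time" (as in the thread's query) and a placeholder
SNS destination id.
"""
import json

INDEX = "filebeat-k8sxxxx"                         # index pattern from the thread
PHRASE = "Connection to Mongo has failed"
DESTINATION_ID = "sns-destination-id-placeholder"  # assumed: id of the SNS destination


def extraction_query(phrase, window_minutes=1, time_field="time"):
    """Monitor input query: the exact phrase within the last window_minutes.

    match_phrase is used instead of match + operator OR so that a line holding
    only one of the words does not count as a hit.  {{period_end}} is rendered
    by the plugin to the run time in epoch millis, hence "format": "epoch_millis".
    """
    return {
        "size": 0,
        "query": {"bool": {"must": [
            {"match_phrase": {"message": phrase}},
            {"range": {time_field: {
                "gte": f"{{{{period_end}}}}||-{window_minutes}m",
                "lte": "{{period_end}}",
                "format": "epoch_millis",
            }}},
        ]}},
    }


def build_monitor(name, index, phrase, destination_id, window_minutes=1):
    """Whole monitor body for POST _plugins/_alerting/monitors.

    The trigger fires when the extraction query returns at least one hit; the
    action sends to the (assumed) SNS destination id.
    """
    return {
        "type": "monitor",
        "name": name,
        "enabled": True,
        "schedule": {"period": {"interval": window_minutes, "unit": "MINUTES"}},
        "inputs": [{"search": {"indices": [index],
                               "query": extraction_query(phrase, window_minutes)}}],
        "triggers": [{
            "name": f"{name}-trigger",
            "severity": "1",
            "condition": {"script": {"source": "ctx.results[0].hits.total.value > 0",
                                     "lang": "painless"}},
            "actions": [{
                "name": "notify-sns",
                "destination_id": destination_id,
                "subject_template": {"source": f"{name} fired", "lang": "mustache"},
                "message_template": {
                    "source": "{{ctx.results.0.hits.total.value}} matching log lines",
                    "lang": "mustache"},
            }],
        }],
    }


def dev_tools_request(index, body):
    """Render the two-line form Dev Tools expects: method and path, then JSON."""
    return f"GET {index}/_search\n{json.dumps(body, indent=2)}"


def explicit_range(period_end_ms, window_minutes=1, time_field="time"):
    """Same window as the monitor's range clause, but with concrete epoch millis,
    because Dev Tools does not render {{period_end}}."""
    return {"range": {time_field: {"gte": period_end_ms - window_minutes * 60_000,
                                   "lte": period_end_ms,
                                   "format": "epoch_millis"}}}


def dry_run_hit(execute_response):
    """Read POST _plugins/_alerting/monitors/_execute?dryrun=true output.

    Returns (hits, triggered).  Zero hits means the phrase was not found in the
    window, so the trigger stays quiet.
    """
    result = execute_response["input_results"]["results"][0]
    hits = result["hits"]["total"]["value"]
    triggered = any(t.get("triggered", False)
                    for t in execute_response.get("trigger_results", {}).values())
    return hits, triggered


# Constructed dry-run response in the shape the _execute API returns.
SAMPLE_EXECUTE_RESPONSE = {
    "monitor_name": "mongo-connection-failed",
    "period_start": 1600000000000,
    "period_end": 1600000060000,
    "input_results": {"results": [{"hits": {"total": {"value": 2, "relation": "eq"},
                                            "hits": []}}], "error": None},
    "trigger_results": {"trigger-id": {"name": "mongo-connection-failed-trigger",
                                       "triggered": True, "error": None}},
}

if __name__ == "__main__":
    print(dev_tools_request(INDEX, {"query": {"match_phrase": {"message": PHRASE}}}))
    print(json.dumps(build_monitor("mongo-connection-failed", INDEX, PHRASE,
                                   DESTINATION_ID), indent=2))
    print(dry_run_hit(SAMPLE_EXECUTE_RESPONSE))
```

Run the Dev Tools form first; if it returns hits but the dry run returns 0, the difference is almost always the time window, so paste explicit_range() into the Dev Tools query to confirm the "time" field and its format.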
@mmamaenko
Worked great thank you so much!
Freddie2020