Hi all,
when creating a kibana rule we have a option called Log threshold(attched) and using that we can compare a custom log4j field(client_email) count . can I do the same logic using search guard
watcher? please help me.
Regards,
Pramila
@pramilaniroshan You can monitor any field of the ingested log4j log or any log to the Elasticsearch index using Signals Alerting. You can also set the frequency and check conditions, transform ingested data and define actions that will send alerts to email or other messaging services.
You can find more detailed information in the Search Guard documentation.
I checked that, but we can’t matches phrase like we did in elasticsearch. We can trigger an action when a field value is equal to some string ( client-email == “test@t.com”). However, in search-guard I cannot see any option to do that. It only has types like average(), count(), sum(), min(), and max(). What suggestions do you have?
Regards,
Pramila.
@pramilaniroshan The shared screenshot represents a Graph type of the watch definition.
You need to use Blocks instead.
1 Like
@pablo Thank you so much. it’s works. Can I know these things also?
- can watches snoozed?
- can watches run only one time? no repeat
- can I get a watche id for call a webhook? (using mustache or dynamic run time data)
I’m using search guard rest API for creating these watches.
Thanks,
Pramila.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.