Notification System on ELK [closed]

Question

I have an ELK stack. I need to get email notifications based on certain queries. How could I achieve this behavior using only open source software?

Answer 1

I will sugest to have a look at elastalert :

https://github.com/Yelp/elastalert

it covers ( under apache licence ) following use cases :

"Match where there are X events in Y time" (frequency type)

• "Match when the rate of events increases or decreases" (spike type)

• "Match when there are less than X events in Y time" (flatline type)

• "Match when a certain field matches a blacklist/whitelist" (blacklist and whitelist type)
• "Match on any event matching a given filter" (any type)
• "Match when a field has two different values within some time" (change type)
• "Match when a never before seen term appears in a field" (new_term type)
• "Match when the number of unique values for a field is above or below a threshold (cardinality type)