Re: Alerts are not working
Posted: Fri Apr 08, 2016 2:01 pm
by gimeb
Should I create a separate query and associate an alert with it? My understanding is that I cannot set an alert off the dashboard panel.
Re: Alerts are not working
Posted: Fri Apr 08, 2016 2:06 pm
by hsmith
You should create unique queries for all of the alerts you want to have, unless I'm missing something.
Re: Alerts are not working
Posted: Fri Apr 08, 2016 4:35 pm
by gimeb
I have created a query and an alert. Please let me know if I configured it correctly. I have attached screen prints to show the steps.
1. Please let me know the reason for the dropdown list in the Advanced section of the WarrantyAPI-Alert and how it should be used. See page 3.
2. Should the WarrantyAPI-Query be selected from the dropdown list (next to the Load button)? Currently, there is nothing selected. See page 2.
Re: Alerts are not working
Posted: Mon Apr 11, 2016 9:22 am
by hsmith
gimeb wrote: Please let me know the reason for the dropdown list in Advanced section of the WarrantyAPI-Alert and how it should be used. See page 3.
Select the query that you saved from the dropdown. That's really all there is to it. If you need to edit the query, it can be done there, but it will be much easier to edit your saved query.
gimeb wrote: 2. Should the WarrantyAPI-Query be selected from the dropdown list (next to the Load button)? Currently, there is nothing selected. See page 2.
Yeah, it should be selected from the dropdown.
Re: Alerts are not working
Posted: Mon Apr 11, 2016 12:29 pm
by gimeb
As you suggested, I selected the WarrantyAPI query from the dropdown list and saved the alert. After I opened it again, there was nothing selected in the dropdown and it was empty. The query details were the same (see below) whether I selected the query from the dropdown or nothing was selected (refer to the screen prints I sent before). Therefore, please validate whether I have configured the alert correctly.
{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"WarrantyAPI"}}]}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1460055824720,"to":1460142224720}}}]}}}}}
Re: Alerts are not working
Posted: Mon Apr 11, 2016 1:48 pm
by hsmith
Can you test this query to make sure it's working correctly? Your screenshots in the previous post make it look like you've correctly set it up. As long as the query is still there, you should be fine.
Re: Alerts are not working
Posted: Tue Apr 12, 2016 6:34 pm
by gimeb
Please let me know whether, in order to set up an alert:
1. I will need to create a global or local query first.
2. Configure an alert based on the query.
And this is the only way to set up an alert.
Please confirm.
Re: Alerts are not working
Posted: Wed Apr 13, 2016 10:13 am
by rkennedy
Yes. As @hsmith mentioned -- make sure your query is working properly. Once it is, then it's time to move on to setting up the alert, as it will be based on the query.