I am trying to write an ElastAlert alert for this situation: if there are no logs from the application for 5 minutes, it should raise an alert. I tried the following rule, but it does not work. Is something missing in the syntax or the query?
nextrulename: DevopsNoLogs
index: logstash-*
type: flatline
threshold: 1
timeframe:
  seconds: 1
filter:
- query:
    query_string:
      query: '@module_tag:devops'
alert: my_alerts.AlertManager
labels:
  alertsrc: elasticsearch
  kafka: 'true'
  slack: 'true'
  severity: critical
  host_impacted: vcmts-all
  wikilink: https://etwiki.sys.comcast.net/display/NGAN/DAA+Operations
annotations:
  summary: alert is fired if there are no logs in kibana from RLCM Dashboard component for a duration of 5m.
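For comparison, here is the rule with the two problems a practitioner would flag corrected. This is an added example, not the poster's working file; it assumes that `nextrulename` was meant to be `name` (ElastAlert's loader refuses a rule without `name`, `type`, `index` and `alert`) and that the window should be the 5 minutes the summary describes rather than `seconds: 1`. The `labels` and `annotations` keys are left as posted, on the assumption that the custom alerter `my_alerts.AlertManager` reads them.

```yaml
# Corrected flatline rule (added example; assumptions: `name` replaces the
# unknown key `nextrulename`, and the timeframe is 5 minutes, not 1 second).
name: DevopsNoLogs
index: logstash-*
type: flatline

# flatline fires when fewer than `threshold` documents matching `filter`
# arrive within `timeframe`; 1 + 5 minutes means "no log at all for 5 minutes".
threshold: 1
timeframe:
  minutes: 5

filter:
- query:
    query_string:
      query: '@module_tag:devops'

alert: my_alerts.AlertManager

# Extra keys consumed by the custom alerter, kept exactly as posted.
labels:
  alertsrc: elasticsearch
  kafka: 'true'
  slack: 'true'
  severity: critical
  host_impacted: vcmts-all
  wikilink: https://etwiki.sys.comcast.net/display/NGAN/DAA+Operations
annotations:
  summary: alert is fired if there are no logs in kibana from RLCM Dashboard component for a duration of 5m.
```

Two behaviours of the flatline type matter when testing this: the rule does not judge anything until a full `timeframe` has elapsed since ElastAlert started, so the alert cannot appear in the first 5 minutes after a restart, and `run_every` in the global config must be shorter than the timeframe or the rule is only evaluated at points that can straddle the gap. With the posted `seconds: 1`, by contrast, any one-minute run in which no document landed inside the last second counts as a flatline, so the rule would have fired on almost every run rather than on a real 5-minute outage.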
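To see concretely what the `threshold`/`timeframe` pair does, the following added example (not ElastAlert's own code) re-implements the flatline decision in plain Python and runs the posted settings and the corrected settings over a constructed log timeline. It mirrors two details of the real rule type: no alert before one full timeframe has elapsed since start, and a window restart after each alert so the rule does not fire on every run. It ignores `query_key` buckets and the actual Elasticsearch query, and it assumes the posted `nextrulename` should be `name`.

```python
"""Model of how an ElastAlert flatline rule decides to fire.

Added example, not ElastAlert's own code: it re-implements the core check
(fewer than `threshold` matching events in the trailing `timeframe`) so the
posted settings can be compared with corrected ones on constructed data.
Assumed: the posted key `nextrulename` was meant to be `name`.
"""
from datetime import datetime, timedelta, timezone

# Keys ElastAlert's rule loader insists on, plus what the flatline type needs.
REQUIRED_KEYS = ("name", "type", "index", "alert")
FLATLINE_KEYS = ("threshold", "timeframe")

# The posted rule as a dict mirroring its YAML (alerter-specific keys omitted).
POSTED_RULE = {
    "nextrulename": "DevopsNoLogs",
    "index": "logstash-*",
    "type": "flatline",
    "threshold": 1,
    "timeframe": {"seconds": 1},
    "filter": [{"query": {"query_string": {"query": "@module_tag:devops"}}}],
    "alert": "my_alerts.AlertManager",
}

# Assumed fix: `name` instead of `nextrulename`, and a 5-minute window.
FIXED_RULE = dict(POSTED_RULE, timeframe={"minutes": 5})
FIXED_RULE["name"] = FIXED_RULE.pop("nextrulename")


def validate_rule(rule):
    """Return loader-style problems with a rule; an empty list means it loads."""
    problems = [f"missing required option: {k}" for k in REQUIRED_KEYS if k not in rule]
    if rule.get("type") == "flatline":
        problems += [f"flatline requires: {k}" for k in FLATLINE_KEYS if k not in rule]
    return problems


def timeframe_to_timedelta(spec):
    """ElastAlert's timeframe keys are the keyword arguments of datetime.timedelta."""
    return timedelta(**spec)


def flatline_alerts(rule, event_times, check_times, started_at):
    """Return the check times at which the rule would fire."""
    window = timeframe_to_timedelta(rule["timeframe"])
    threshold = rule["threshold"]
    window_start = started_at  # nothing is judged until one full timeframe has passed
    fired = []
    for now in sorted(check_times):
        if now - window_start < window:
            continue
        recent = [t for t in event_times if now - window < t <= now]
        if len(recent) < threshold:
            fired.append(now)
            window_start = now  # restart the window so the rule does not fire every run
    return fired


# Constructed sample: the app logs at 12:00, 12:01 and 12:02, goes quiet,
# and logs once more at 12:10. ElastAlert runs the rule once a minute.
BASE = datetime(2024, 1, 1, tzinfo=timezone.utc)


def ts(hhmm):
    hour, minute = (int(x) for x in hhmm.split(":"))
    return BASE.replace(hour=hour, minute=minute)


EVENTS = [ts(t) for t in ("12:00", "12:01", "12:02", "12:10")]
CHECKS = [ts(f"12:{m:02d}") for m in range(13)]


def compare_rules():
    """Fire times (HH:MM) for the posted 1-second window and the 5-minute window."""
    out = {}
    for label, rule in (("posted", POSTED_RULE), ("fixed", FIXED_RULE)):
        fired = flatline_alerts(rule, EVENTS, CHECKS, ts("12:00"))
        out[label] = [t.strftime("%H:%M") for t in fired]
    return out


if __name__ == "__main__":
    print("posted rule problems:", validate_rule(POSTED_RULE))
    print("fixed rule problems:", validate_rule(FIXED_RULE))
    for label, fired in compare_rules().items():
        print(f"{label}: fires at {fired}")
```

On this timeline the corrected rule fires once, at 12:07, the first run at which the trailing 5 minutes contain no matching event, and stays quiet once the 12:10 log arrives. The posted 1-second window fires on nine of the thirteen runs, every run whose last second happened to be empty, which is noise rather than an outage signal; and before any of that, the loader would have rejected the posted file for lacking `name`.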