Hello everyone,
This issue should be resolved according to this post
I am using Elastic Cloud Stack v8.11.4.
I tried to do it but it doesn't alert me even though one of my nodes is off.
I tried to filter only my off-node and it says no data matches, run my rule but it is still not active.
There is this link that says it is working on his case.
Can anyone tell me what I did wrong? Basically what I want to do is to create an alert if a node has an issue sending data.
When you group like this, and no documents match, there won't be any groups to alert on. Index threshold can't really be used for this sort of alerting. I suggest you look at metric threshold or custom threshold rule types instead, which offer some options for alerting on "no data" conditions.
I have tried custom threshold.
Here is my setup
Custom threshold
But it still does not alert me when I purposely shut down one of my nodes.
The problem with the metric threshold is that it doesn't let me select data view and I need it to pinpoint which data that has trouble.
You might want to change your condition to something that will match some documents. I fear it's again matching nothing, so there's nothing to group over. You can set the alerting action to only fire on No Data, and not have one set on Alert, so you could change your condition to IS ABOVE 1, for instance.
Interesting, I have tried your idea. I set action on No Data and have the condition modified to be ABOVE 150. It alerts my healthy node as expected but the no data action doesn't run still.
Here is my action setting.
Can you show the full rule definition (screenshot(s))?
And presumably you've waited 2x the rule interval after one of the sources stops reporting, to make sure it won't return any data when it runs.
Yes, I have waited & checked on Discover on the metrics-* data view. In the last few hours, no data has been coming from the off-node.
Here is the full rule definition.
I think at this point you should open a bug so we can track this: Sign in to GitHub · GitHub
Post the issue # back here so we can label it up correctly.
Any update on this?
I found that conditional threshold would never trigger the alert no matter what I tried.
The connector and index worked fine (If I manually ran a test from the connector). The rule would also fire showing that it was triggered. But no matter what Kibana refuses to run the alert trigger.
Did you open a bug so we can track this?
Have you tried on a more recent release? 8.11 is a year old, and I guess Custom Threshold was still in Tech Preview (given the screen shot), but is now considered GA (fully supported).
Yeah, I upgraded to 8.18.0 yesterday. Same problem.
The rule refuses to perform any alert action. I am curious if others are seeing the same thing? I am sending it to an index, just does not work. Can others confirm?
I found other rule types that don't work either. Is it just me or does rule action alert usage seem inconstant if they work or not?
I created a separate post about this here Custom Threshold not triggering alert to index - Elastic Stack / Kibana - Discuss the Elastic Stack
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
