Log inactivity monitoring in ELK stack

0
votes

I am configuring an ELK stack server with filebeat which monitors log files and sends to log stash. Is it possible to configure an alerting mechanism either at filbeat or log stash level such that we get alert in case the logs being monitored are no longer being written into.

1
elasticsearchlogstashfilebeat

1 Answers

0
votes

Filebeat and Logstash are event oriented so they can't tell you when data is not being shipped since nothing is being triggered. For this you would probably need to purchase the Elastic Watcher alerting mechanism or use services like Logz.io who also offer an alerting mechanism.