It only takes a few minutes to add an ElastAlert server to any of your Logit ELK stacks. Once enabled, you'll be able to edit and setup alerting rules for all your stacks.

Provision your ElastAlert server

When you login in your stacks are displayed on the dashboard. To enable alerts for a stack, choose the 'Settings' button.

Next, choose 'Alerts' and then click 'Provision ElastAlert for this stack' 

Then create your ElastAlert rule

Use the code block below to quickly get started with your Slack alert.

name: Production App Errors

type: any

index: logstash-*

filter:
- query:
    query_string:
      query: "type:error"

## Receive an alert for every single match
realert:
  minutes: 0

# (Required)
# The alert used when a match is found
alert:
- "slack"

## Live alerts channel
slack_webhook_url:
- “[YOUR SLACK HOOK]”

How to use the code

  1. Paste the code into the alert replacing any existing rule.
  2. Then just edit the code to match the filter query you need, in this case we are looking for matches on "type:error".
  3. Replace [YOUR SLACK HOOK] with your slack hook url.
  4. Choose test to run the rule against your data over the last 24hrs.
  5. Once happy, choose update to apply and save the rule.

Now you're all set to send alerts to Slack from Logit!

What's next?

Did this answer your question?