It only takes a few minutes to add alerting to any of your Logit ELK stacks. Once enabled, you'll be able to edit and set up alerting rules for all your stacks.
Provision Alerting for a Stack
When you login your stacks are displayed on the dashboard. To enable alerting for a stack, choose 'View Stack Settings'.
Next, choose 'Alerting & Notifications' and then choose 'Setup alerting for this Stack'
Create your Alerting Rule
Use the code block below to quickly get started with your Slack alert.
name: Production App Errors
type: any
index: logstash-*
filter:
- query:
query_string:
query: "type:error"
## Receive an alert for every single match
realert:
minutes: 0
# (Required)
# The alert used when a match is found
alert:
- "slack"
## Live alerts channel
slack_webhook_url:
- “[YOUR SLACK HOOK]”
How to use the code
Paste the code into the alert replacing any existing rule.
Then just edit the code to match the filter query you need, in this case, we are looking for matches on "type:error".
Replace [YOUR SLACK HOOK] with your slack hook URL.
Choose test to run the rule against your data over the last 2 hrs.
Once happy, choose update to apply and save the rule.
Now you're all set to send alerts to Slack from Logit!
What's next?
Learn more about ElastAlert rules: if you'd like to learn more about ElastAlert rules from the people that built it, check out their cheat sheet.
Read Logit's Introduction to alerting
Learn how to send alerts to Email from your Logit stacks.
Learn how to send alerts to PagerDuty from your Logit stacks.