It only takes a few minutes to add Alerting & Notifications to any of your Logit ELK Stacks. Once enabled, you'll be able to edit and configure alerting rules on your logs and metrics.

Provision Alerting for your Stack

When you login in your stacks are displayed on the dashboard. To enable alerts for a stack, choose 'Stack Settings'.

Next, choose 'Alerting & Notifications' and then choose 'Setup alerting for this Stack'

Then create your OpsGenie ElastAlert rule

Use the code block below to quickly get started with your OpsGenie alert.

# Alert when the rate of events exceeds a threshold

# (Required)
# Rule name, must be unique
name: opsgenie_rule

# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur with timeframe time
type: frequency

# (Required)
# Index to search, wildcard supported
index: logstash-*

# (Required)
# OpsGenie credentials
opsgenie_key: ogkey

# (Optional)
# OpsGenie user account that the alert will show as created by
# opsgenie_account: OpsGenieUserAccount

# (Optional)
# OpsGenie recipients of the alert
# opsgenie_recipients:
# - "Recipient1,Recipient2"

# (Optional)
# OpsGenie recipients with args
# opsgenie_recipients:
# - {recipient}
# opsgenie_recipients_args:
# team_prefix:'user.email'

# (Optional)
# OpsGenie teams to notify
#opsgenie_teams:
# - "Infrastructure"

# (Optional)
# OpsGenie teams with args
# opsgenie_teams:
# - {team_prefix}-Team
# opsgenie_teams_args:
# team_prefix:'team'

# (Optional)
# OpsGenie alert tags
opsgenie_tags:
- "Production"

# (Required, frequency specific)
# Alert when this many documents matching the query occur within a timeframe
num_events: 50

# (Required, frequency specific)
# num_events must occur within this amount of time to trigger an alert
timeframe:
hours: 2

# (Required)
# A list of Elasticsearch filters used for find events
# These filters are joined with AND and nested in a filtered query
# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
filter:
- query:
query_string:
query: "@message: "type:error"

# (Required)
# The alert is use when a match is found
alert:
- "opsgenie"

How to use the code

  1. Paste the code into the alert replacing any existing rule.

  2. Then just edit the code to match the filter query you need, in this case we are looking for matches on "type:error".

  3. Choose test to run the rule against your data over the last 24hrs.

  4. Once happy, choose update to apply and save the rule.

Now you're all set to send OpsGenie alerts from your Logit Stack.

What's next?

Did this answer your question?