Logit.io

A Percentage Match alert matches when the percentage of documents within a <code>match_bucket_filter</code> within a calculation window (by default <code>buffer_time</code>) is higher or lower than a relative percentage value <code>max_percentage</code>.

This would allow you to receive alerts in scenarios such as If there is a 20% increase <code>max_percentage</code> in the number of 500 errors <code>match_bucket_filter</code> within a 15 minutes timeframe <code>buffer_time</code> you would receive an alert to your configured channel. Here is an example below:

name: "Percentage match example" type: percentage_match index: "*-*" filter: - query: query_string: query: "agent.hostname:azure" match_bucket_filter: - query_string: query: "router.status: [500 TO 599]" doc_type: _doc max_percentage: 20 buffer_time: minutes: 3 alert: - "email" email: - "example@logit.io"

In addition, you can also provide a <code>filter</code> query to limit the initial results that the match_bucket_filter will be applied to.

Read Logit.io's <a href="https://help.logit.io/en/articles/3624510-an-introduction-to-alerting">introduction to alerting</a>

Learn <a href="https://help.logit.io/en/articles/3622196-how-do-i-create-a-new-elastalert-rule">how to create an ElastAlert rule</a>

Learn <a href="https://help.logit.io/en/articles/3633552-how-can-i-check-my-elastalert-rule-is-configured-correctly">how to ensure my ElastAlert rule is configured correctly</a>

Learn more about ElastAlert rules: if you'd like to learn more about ElastAlert rules from the people that built it, check out their <a href="https://elastalert.readthedocs.io/en/latest/ruletypes.html" rel="nofollow noopener noreferrer" target="_blank">cheat sheet</a>.

- Read Logit.io's <a href="https://help.logit.io/en/articles/3624510-an-introduction-to-alerting">introduction to alerting</a>
- Learn <a href="https://help.logit.io/en/articles/3622196-how-do-i-create-a-new-elastalert-rule">how to create an ElastAlert rule</a>
- Learn <a href="https://help.logit.io/en/articles/3633552-how-can-i-check-my-elastalert-rule-is-configured-correctly">how to ensure my ElastAlert rule is configured correctly</a>
- Learn more about ElastAlert rules: if you'd like to learn more about ElastAlert rules from the people that built it, check out their <a href="https://elastalert.readthedocs.io/en/latest/ruletypes.html" rel="nofollow noopener noreferrer" target="_blank">cheat sheet</a>.

Additional Options

What's next?