An 'Any Alert', as its name suggests, will match any event that matches the query filter.
Use the type any to match every event; to limit the results, apply a query filter as shown in the example below. You can simply cut and paste this example into your new Logit alert and then modify the Elasticsearch query to match the required events. Next, update the email address, then test and run the alert.
name: "Any match alert example"
type: any                      # fire on every event the filter matches
index: "*-*"                   # index pattern to search
filter:
- query:
    query_string:
      query: "agent.hostname:azure AND status: [500 TO 599]"
alert:
- "email"
email:
- "example@logit.io"           # replace with your recipient address
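As an added example (not Logit's or ElastAlert's own code), the Python below checks the rule above for the keys an 'any' rule needs and turns its filter into an Elasticsearch search body you can paste into Kibana Dev Tools to confirm the query matches the intended events before enabling the alert. The bool-filter shape, the 15-minute @timestamp window and the rule being held as a Python dict rather than loaded from YAML are assumptions; the request ElastAlert actually sends may differ.

```python
import json

# The rule from this page, mirrored key for key as a Python dict
# (constructed here so the example runs without a YAML library).
ANY_RULE = {
    "name": "Any match alert example",
    "type": "any",
    "index": "*-*",
    "filter": [
        {"query": {"query_string": {
            "query": "agent.hostname:azure AND status: [500 TO 599]"}}}
    ],
    "alert": ["email"],
    "email": ["example@logit.io"],
}

REQUIRED_KEYS = ("name", "type", "index", "filter", "alert")


def validate_any_rule(rule):
    """Return a list of problems; an empty list means the rule is usable."""
    problems = [f"missing key: {k}" for k in REQUIRED_KEYS if k not in rule]
    if rule.get("type") != "any":
        problems.append("type must be 'any' for this rule style")
    if not isinstance(rule.get("filter"), list) or not rule.get("filter"):
        problems.append("filter must be a non-empty list of query clauses")
    if "email" in rule.get("alert", []) and not rule.get("email"):
        problems.append("email alerter configured but 'email' has no recipients")
    return problems


def search_body(rule, time_field="@timestamp", start="now-15m", end="now"):
    """Assemble a search body in which every filter clause must match,
    restricted to the run window. The 'query:' wrapper used in the rule
    file is dropped because bool.filter takes bare query clauses."""
    clauses = [clause.get("query", clause) for clause in rule["filter"]]
    clauses.append({"range": {time_field: {"gt": start, "lte": end}}})
    return {"query": {"bool": {"filter": clauses}}}


if __name__ == "__main__":
    for problem in validate_any_rule(ANY_RULE):
        print("rule problem:", problem)
    print(json.dumps(search_body(ANY_RULE), indent=2))
```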
What's next?
Read Logit's introduction to alerting
Learn more about ElastAlert rules: if you'd like to go deeper into ElastAlert rules with the people that built them, check out their cheat sheet.