You can create a threshold alert to periodically check when your data goes above or below a certain threshold within a given time interval. It’s one of the most common type of alerts that you can create using Watcher. For more advanced watches, see the Create Advanced Watch.
To create a threshold alert:
- Click the Create threshold alert button.
You must first configure the inputs and triggers.
namefor the alert.
- Choose one or more indices that have a time-based field as the alert input.
Configure a trigger interval.
Here, you can configure the condition that will cause alert to trigger. The UI is interactive and selecting the various elements within the expression will display a UI to change the values.
Here are a few examples of common alerts based on x-pack monitoring data:
- High heap usage:
- System load:
Here are some specifics of how the visualization works:
The time window that is used in the visualization is calculated by taking the duration defined in the expression and multiplying it by 5. So, if you select
FOR THE LAST 5 hours, the visualization will show data from the last 25 hours.
- In the chart, you will see a blue line that represents the aggregated data. There is also a red line that represents the threshold value.
If you use the
termsaggregation to aggregate over a specific field, there will be multiple visualizations available and pagination controls will appear as shown below.
Here you can configure the various actions that will occur when the alert fires.
Add new action to trigger a dropdown selection:
Selecting an action will allow you to customize settings for the respective action.
The supported actions are: