You can create a threshold alert to periodically check when your data goes above or below a certain threshold within a given time interval. It’s one of the most common type of alerts that you can create using Watcher. For more advanced watches, see the Create Advanced Watch.
To create a new threshold alert:
Create new watchbutton
Next, let’s look at the UI and how to use it.
To create a threshold alert, you need to first configure the inputs and triggers.
namefor the alert.
- Choose one or more indices that have a time-based field as the alert input.
- Configure a trigger interval.
Next, you will be able to specify the conditions to trigger the alert.
Here, you can configure the condition that will cause alert to trigger. The UI is interactive and selecting the various elements within the expression will display a UI to change the values.
Let’s look at a few examples of common alerts based on x-pack monitoring data:
- High heap usage:
- System load:
Here are some specifics of how the visualization works:
The time window that is used in the visualization is calculated by taking the duration defined in the expression and multiplying it by 5. So, if you select
FOR THE LAST 5 hours, the visualization will show data from the last 25 hours.
- In the chart, you will see a blue line that represents the aggregated data. There is also a red line that represents the threshold value.
If you use the
termsaggregation to aggregate over a specific field, there will be multiple visualizations available and pagination controls will appear as shown below.
Here you can configure the various actions that will occur when the alert fires.
Add new action to trigger a dropdown selection:
Selecting an action will allow you to customize settings for the respective action.
The supported actions are: