Elasticsearch alert template for Fluentd with Kubernetes

When creating alerts in Elasticsearch for Fluentd and Kubernetes data, I find the following alert template useful:

Elasticsearch query alert '{{alertName}}' is active:

- Value: {{context.value}}
- Conditions Met: {{context.conditions}} over {{params.timeWindowSize}}{{params.timeWindowUnit}}
- Timestamp: {{context.date}}
- Link: {{context.link}}

Hits:
- {{context.hits.0._source.kubernetes.namespace_name}}
- {{context.hits.0._source.kubernetes.pod_name}}
- {{context.hits.0._source.log}}

(The “Hits” part is new.)
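To preview what the message above will look like before wiring it into a Kibana action, the following added example (not part of the original post) renders the template against a constructed set of rule variables shaped like a Fluentd record with Kubernetes metadata; the sample values, the placeholder link and the minimal stdlib-only Mustache subset are all assumptions of this example.

```python
import re

# The message template from the post (Mustache syntax, as Kibana actions use it).
ALERT_TEMPLATE = """Elasticsearch query alert '{{alertName}}' is active:
- Value: {{context.value}}
- Conditions Met: {{context.conditions}} over {{params.timeWindowSize}}{{params.timeWindowUnit}}
- Timestamp: {{context.date}}
- Link: {{context.link}}
Hits:
- {{context.hits.0._source.kubernetes.namespace_name}}
- {{context.hits.0._source.kubernetes.pod_name}}
- {{context.hits.0._source.log}}"""

# Constructed stand-in for the variables an Elasticsearch query rule hands to its
# actions; the hit is shaped like a fluentd record with kubernetes metadata attached.
SAMPLE_VARS = {
    "alertName": "fluentd-k8s-errors",
    "params": {"timeWindowSize": 5, "timeWindowUnit": "m"},
    "context": {
        "value": 3,
        "conditions": "Number of matching documents is greater than 0",
        "date": "2024-01-01T12:00:00.000Z",
        "link": "https://kibana.example/app/discover",  # placeholder URL
        "hits": [{"_source": {
            "kubernetes": {"namespace_name": "payments", "pod_name": "api-7d9c8b5f4-x2k9q"},
            "log": "ERROR connection refused to db:5432"}}],
    },
}

def lookup(data, path):
    """Resolve a dotted path; digit segments index lists, misses render as '' (Mustache rule)."""
    cur = data
    for seg in path.split("."):
        if isinstance(cur, list) and seg.isdigit():
            cur = cur[int(seg)] if int(seg) < len(cur) else None
        elif isinstance(cur, dict):
            cur = cur.get(seg)
        else:
            cur = None
        if cur is None:
            return ""
    return cur

def render(template, data):
    """Replace every {{dotted.path}} tag (stdlib-only subset of Mustache)."""
    return re.sub(r"\{\{\s*([\w.]+)\s*\}\}",
                  lambda m: str(lookup(data, m.group(1))), template)

print(render(ALERT_TEMPLATE, SAMPLE_VARS))
```

When the rule fires with no matching documents, or a record lacks the kubernetes fields, the hit lines render empty instead of breaking the message, which matches how Mustache treats missing values.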
