We require an ELK (Elasticsearch, Logstash, Kibana) specialist with prior experience with Sentinl to create a watcher that monitors a log index for the results of a specific Lucene search phrase and raises an alarm (via email and Slack) when the number of results increases by more than X% between two periods.
e.g. assuming the current time is 10:00:00AM
Index: system-x
Lucene query: LoggerName:NetworkLogger AND Level:ERROR
Period: Between 09:55:00AM and 10:00:00AM
Interval: 1 minute
Threshold: 10%
In the example above, Sentinl should run the Lucene query every minute and raise an alarm if the number of results returned for the current period (between now-5m and now) is more than 10% greater than the number returned for the previous period (between now-6m and now-1m).
If the consultant wishes to propose alternative ways of achieving the same result, still with ELK and Sentinl, we are receptive to their ideas.
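As an added illustration (not part of the posting, and not Sentinl's own watcher syntax), the comparison rule described above written out in plain Python over constructed log documents: the Lucene filter, the two overlapping windows, and the threshold test, including the case where the previous period has no hits. The field name @timestamp and the sample documents are assumptions.

```python
from datetime import datetime, timedelta

NOW = datetime(2020, 3, 14, 10, 0, 0)  # the posting's example clock: 10:00:00AM

def rec(seconds_ago, logger="NetworkLogger", level="ERROR"):
    """Build one constructed log document for index system-x (not real data)."""
    return {"@timestamp": NOW - timedelta(seconds=seconds_ago),
            "LoggerName": logger, "Level": level}

# Constructed sample: a burst of network errors in the last minute on top of a
# low baseline, plus two documents the Lucene query must not match.
SAMPLE_LOGS = [
    rec(10), rec(20), rec(30), rec(40),      # burst, only in the current period
    rec(90), rec(150),                       # inside both overlapping periods
    rec(320),                                # only in the previous period
    rec(100, level="INFO"),                  # wrong Level, filtered out
    rec(120, logger="AuthLogger"),           # wrong LoggerName, filtered out
]

def matches_query(doc):
    """Python equivalent of: LoggerName:NetworkLogger AND Level:ERROR"""
    return doc["LoggerName"] == "NetworkLogger" and doc["Level"] == "ERROR"

def count_in_window(docs, start, end):
    """Count matching docs with start <= @timestamp < end (range gte/lt)."""
    return sum(1 for d in docs
               if matches_query(d) and start <= d["@timestamp"] < end)

def evaluate(docs, now, period=timedelta(minutes=5),
             interval=timedelta(minutes=1), threshold_pct=10.0):
    """One watcher run: current period [now-5m, now) vs previous [now-6m, now-1m)."""
    current = count_in_window(docs, now - period, now)
    previous = count_in_window(docs, now - period - interval, now - interval)
    if previous == 0:
        # No baseline: any hits count as an unbounded increase; no hits at all is no change.
        increase_pct = float("inf") if current > 0 else 0.0
    else:
        increase_pct = (current - previous) * 100.0 / previous
    return {"current": current, "previous": previous,
            "increase_pct": increase_pct, "alarm": increase_pct > threshold_pct}

if __name__ == "__main__":
    print(evaluate(SAMPLE_LOGS, NOW))  # current 6 vs previous 3: +100%, alarm
```

Because the two periods overlap by four minutes, only a change concentrated in the newest and oldest minutes moves the ratio; with a real index the same two counts come from two range-filtered count queries per run.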
Additional Information
----------------------------
Our installation:
We are running ELK v6.3.1 and require assistance with the configuration of the Sentinl alerting service. ELK and Sentinl are already installed, and the log server will be accessible remotely to the chosen consultant.
SENTINL extends Siren Investigate and Kibana with Alerting and Reporting functionality to monitor, notify and report on data series changes using standard queries, programmable validators and a variety of configurable actions.
About the recruiter: Muhammad Rapi, member since Mar 14, 2020, from Lombardia, Italy.