ELK version: 7.17.3
Gathering logs with Filebeat → Logstash → Elasticsearch and using Elasticsearch as a data source in Grafana. I can query the Elasticsearch data from Grafana just fine. I need to create a query/alert to notice when certain log files are no longer gathering data. For example if /var/log/audit has not been updated in the last 1h I want to generate an alert.
It’s important that the query/alert triggers on a per-host basis. In other words, if I have 100 hosts logging to Elasticsearch and only one of them stops updating /var/log/audit then the alert should generate for that host with that hostname in the alert text.
Can someone guide me on how to create this alert? Thank you in advance.
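An added example, not part of the original post and not Elastic's or Grafana's own code: an Elasticsearch query that returns the newest event per host for one log file, plus the check that turns that response into a per-host "stale" list. It assumes the Filebeat ECS fields `host.name` and `log.file.path`, an audit file path of /var/log/audit/audit.log, and uses a constructed sample response in place of a live cluster.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumptions: Filebeat writes ECS fields host.name and log.file.path, and the
# audit log being watched is /var/log/audit/audit.log (adjust to your setup).
LOG_PATH = "/var/log/audit/audit.log"
STALE_AFTER = timedelta(hours=1)  # alert when a host's newest event is older than this
LOOKBACK = "24h"                  # hosts seen in this window are expected to keep shipping


def build_query(log_path=LOG_PATH, lookback=LOOKBACK):
    """Body for POST filebeat-*/_search: newest @timestamp of one file, per host."""
    # Grouping on host.name makes the result per host; the lookback keeps hosts that
    # stopped shipping in the bucket list, so their silence is still visible.
    return {
        "size": 0,
        "query": {"bool": {"filter": [
            {"term": {"log.file.path": log_path}},
            {"range": {"@timestamp": {"gte": f"now-{lookback}"}}},
        ]}},
        "aggs": {"per_host": {
            "terms": {"field": "host.name", "size": 10000},
            "aggs": {"last_seen": {"max": {"field": "@timestamp"}}},
        }},
    }


def stale_hosts(response, now, stale_after=STALE_AFTER):
    """Map hostname -> last event time (UTC) for hosts silent longer than stale_after."""
    cutoff_ms = (now - stale_after).timestamp() * 1000
    stale = {}
    for bucket in response["aggregations"]["per_host"]["buckets"]:
        last_ms = bucket["last_seen"]["value"]  # max on a date field is epoch milliseconds
        if last_ms < cutoff_ms:
            stale[bucket["key"]] = datetime.fromtimestamp(last_ms / 1000, tz=timezone.utc)
    return stale


# Constructed sample response (not output from a real cluster): two hosts, one of
# which last shipped audit events three hours before NOW.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_RESPONSE = {"aggregations": {"per_host": {"buckets": [
    {"key": "web-01", "doc_count": 812,
     "last_seen": {"value": 1714564200000.0, "value_as_string": "2024-05-01T11:50:00.000Z"}},
    {"key": "web-02", "doc_count": 35,
     "last_seen": {"value": 1714554000000.0, "value_as_string": "2024-05-01T09:00:00.000Z"}},
]}}}

if __name__ == "__main__":
    print(json.dumps(build_query(), indent=2))
    for host, last in stale_hosts(SAMPLE_RESPONSE, NOW).items():
        print(f"ALERT: {host} has not shipped {LOG_PATH} since {last.isoformat()}")
```

The Grafana-side equivalent of this query is a Terms group-by on host.name with a Max metric on @timestamp, which is what carries the hostname into the alert labels; the 24h lookback matters because a host that shipped nothing at all in the alert window would otherwise produce no bucket and stay invisible.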