{
"trigger":{
"id": "trigger-project",
"name": "Project Logging Trigger",
"description": "Alert on project logging events (EFK infrastructure)",
"severity": "HIGH",
"enabled": true,
"tags": {
"Elasticsearch": "Demo ES instance"
},
"context": {
"timestamp": "@timestamp",
"interval": "30s",
"index": "project.logging*",
"mapping": "type|'Unknown':category,@timestamp:ctime,message:text,hostname:dataId,index:tags"
},
"actions":[
{
"actionPlugin": "elasticsearch",
"actionId": "write-full-alert"
},
{
"actionPlugin": "elasticsearch",
"actionId": "write-partial-alert"
},
{
"actionPlugin": "email",
"actionId": "email-to-admins"
}
]
},
"conditions":[
{
"type": "EVENT",
"dataId": "192.168.122.198",
"expression": "category == 'response'"
}
]
}