For very important logs I create an alert for each source. If the number of logs is below one for a certain timeframe, the alert triggers and includes the system it is monitoring.
For less important logs I check the cardinality of sources on the stream. If one is missing, I'll have an alert and a manual investigation of which one is missing.
This is no machine-readable API though. :-/
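The two checks described in the post above, as an added example that is not part of the original post or of any product's API: a per-source "fewer than one message in the window" alert for critical sources, and a cardinality check on the stream. It goes one step beyond the post by naming the missing sources from the set seen in earlier windows; the host names, window size and `CRITICAL` set are assumptions, and the events are constructed sample data.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, source). Not real data.
EVENTS = [
    ("2024-01-01T10:00:30", "fw01"),
    ("2024-01-01T10:01:10", "dc01"),
    ("2024-01-01T10:02:00", "web01"),
    ("2024-01-01T10:06:15", "fw01"),
    ("2024-01-01T10:07:40", "web01"),
    ("2024-01-01T10:11:05", "fw01"),
]
START = datetime(2024, 1, 1, 10, 0)
END = datetime(2024, 1, 1, 10, 15)
CRITICAL = {"fw01", "dc01"}  # hypothetical: sources that get their own alert


def windows(events, start, end, width):
    """Yield (window_start, Counter of sources) for each fixed-size window."""
    parsed = [(datetime.fromisoformat(ts), src) for ts, src in events]
    t = start
    while t < end:
        yield t, Counter(s for ts, s in parsed if t <= ts < t + width)
        t += width


def check(events, start, end, width=timedelta(minutes=5)):
    """Return alerts as (window_start, kind, detail) tuples."""
    alerts, seen = [], set()
    for t, counts in windows(events, start, end, width):
        # Important logs: one alert per source, naming the silent system.
        for src in sorted(CRITICAL):
            if counts[src] < 1:
                alerts.append((t.isoformat(), "silent_source", src))
        # Other logs: the distinct-source count dropped below the baseline.
        # Diffing against sources seen earlier replaces the manual lookup.
        if len(counts) < len(seen):
            missing = tuple(sorted(seen - set(counts)))
            alerts.append((t.isoformat(), "cardinality_drop", missing))
        seen |= set(counts)
    return alerts


if __name__ == "__main__":
    for alert in check(EVENTS, START, END):
        print(alert)
```

A source that has never sent anything is not in the baseline, so it is only caught if it is listed in `CRITICAL`.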