Hello,
Currently I am receiving about 100-200 logs per minute from about 20 servers and have filtered them from Application to Security and then Warnings to Errors for each winlogbeat_level. I am a bit comfortable with sorting out the logs, but I have run into a wall head-on.
I am attempting to create an alert for only critical issues that require immediate attention, but I have yet to come across a log that meets those requirements, therefore I have no information on how I should filter critical messages out.
How would I go about this? Should I just sit and look at the logs until I come across one? I actually have been doing that for the past 2 days.
The winlogbeat_level would equal “Critical”, right? Here is one I had:
on message: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
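As an added example (not code from either poster), here is how the suggested match on winlogbeat_level == "Critical" can be implemented over winlogbeat-style records. It assumes the field name `winlogbeat_level` from the question, accepts the level either as a name or as the standard Windows numeric Level (1 = Critical, 2 = Error, 3 = Warning, 4 = Information, 5 = Verbose), and runs over constructed sample events, one of them carrying the unclean-shutdown message quoted above.

```python
"""Select Windows events that warrant an immediate alert.

Added example, not code from the thread. Field names (winlogbeat_level,
host, log_name, message) are assumptions; the sample records are constructed.
"""

# Standard Windows event Level values mapped to their names.
LEVEL_NAMES = {1: "critical", 2: "error", 3: "warning", 4: "information", 5: "verbose"}


def normalize_level(value):
    """Return the level as a lowercase name; accepts 'Critical', 'critical', 1 or '1'."""
    if value is None:
        return None
    if isinstance(value, int) or (isinstance(value, str) and value.strip().isdigit()):
        return LEVEL_NAMES.get(int(value))
    return str(value).strip().lower()


def select_alerts(events, levels=("critical",)):
    """Return (host, channel, message) tuples for events whose level is in *levels*."""
    wanted = {lvl.lower() for lvl in levels}
    alerts = []
    for ev in events:
        if normalize_level(ev.get("winlogbeat_level")) in wanted:
            alerts.append((ev.get("host", "?"), ev.get("log_name", "?"), ev.get("message", "")))
    return alerts


# Constructed sample records covering name, numeric and missing level fields.
SAMPLE_EVENTS = [
    {"host": "srv01", "log_name": "System", "winlogbeat_level": "Critical",
     "message": "The system has rebooted without cleanly shutting down first."},
    {"host": "srv02", "log_name": "Application", "winlogbeat_level": "Error",
     "message": "Application error (constructed)."},
    {"host": "srv03", "log_name": "System", "winlogbeat_level": 1,
     "message": "Numeric Critical level (constructed)."},
    {"host": "srv04", "log_name": "Security", "winlogbeat_level": "Warning",
     "message": "Audit warning (constructed)."},
    {"host": "srv05", "log_name": "Application",
     "message": "Record with no level field (constructed)."},
]

if __name__ == "__main__":
    for host, channel, msg in select_alerts(SAMPLE_EVENTS):
        print(f"ALERT {host} [{channel}] {msg}")
```

Passing `levels=("critical", "error")` widens the same filter to Errors, which is the tier the question already separates out.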