I want to build a dashboard that lists alert strings for administrators and creates some basic statistics on these generated alerts. Here are the details.
My event stream comes from a bunch of agents that periodically report values for some key settings. So, I have an index full of daily updates from many agents consisting of:
agentId = , settingA = foo
I want to generate an alert when I detect that settingA has flipped from "foo" to "bar". I'd like to be able to generate a message that says: "Agent X has changed its setting from 'Foo' to 'Bar'." Since I have a large number of events, I need to run this alert generation report as a scheduled background report.
Moreover, I'd like to be able to assign a severity code to each alert message and do a "stats count by severity". In other words, I want to generate some complex stats and charts based on the number of alerts and their severity.
Any recommendations on how to implement this in an application? I know it's a broad question, but I know someone has implemented something similar.
Thanks,
Tim
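
One way to implement the flip detection and severity counts described above, as an added example that is not part of the original post. The sample events, the severity mapping and the function names are assumptions; the per-agent state is returned so a scheduled run can pick up where the previous one stopped.

```python
from collections import Counter

# Constructed sample events: one daily report per agent, oldest first.
EVENTS = [
    {"day": "2024-01-01", "agentId": "agent-1", "settingA": "foo"},
    {"day": "2024-01-01", "agentId": "agent-2", "settingA": "foo"},
    {"day": "2024-01-02", "agentId": "agent-1", "settingA": "bar"},
    {"day": "2024-01-02", "agentId": "agent-2", "settingA": "foo"},
    {"day": "2024-01-03", "agentId": "agent-1", "settingA": "foo"},
    {"day": "2024-01-03", "agentId": "agent-2", "settingA": "baz"},
    {"day": "2024-01-03", "agentId": "agent-3", "settingA": "bar"},
]

# Assumed severity policy keyed on (old, new); any other change is "low".
SEVERITY = {("foo", "bar"): "high", ("bar", "foo"): "info"}

def detect_flips(events, last_seen=None):
    """Return (alerts, last_seen). last_seen maps agentId -> last value and
    can be persisted between scheduled runs so each run reads only new events."""
    last_seen = dict(last_seen or {})
    alerts = []
    for ev in sorted(events, key=lambda e: e["day"]):
        agent, new = ev["agentId"], ev["settingA"]
        old = last_seen.get(agent)
        # The first report from an agent is a baseline, not a change.
        if old is not None and old != new:
            alerts.append({
                "day": ev["day"], "agentId": agent, "old": old, "new": new,
                "severity": SEVERITY.get((old, new), "low"),
                "message": f"Agent {agent} has changed its setting "
                           f"from '{old}' to '{new}'.",
            })
        last_seen[agent] = new
    return alerts, last_seen

def count_by_severity(alerts):
    """Equivalent of a 'count by severity' aggregation over the alerts."""
    return dict(Counter(a["severity"] for a in alerts))

if __name__ == "__main__":
    alerts, state = detect_flips(EVENTS)
    for a in alerts:
        print(a["severity"], a["message"])
    print(count_by_severity(alerts))
```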