0

You want to create a watch that sends an email only if the number of error logs in the last hour exceeds 100. Which combination of components is required?

hard🚀 Application Q8 of Q15

Elasticsearch - ELK Stack Integration

You want to create a watch that sends an email only if the number of error logs in the last hour exceeds 100. Which combination of components is required?

AInput with index name only, trigger with condition hits < 100, action to log message

BInput with search query filtering last hour errors, trigger with condition hits > 100, action to send email

CTransform to filter errors, action to send email, no trigger needed

DTrigger with condition hits > 100, no input or action required

Step-by-Step Solution

Solution:

Step 1: Define input to filter error logs in last hour
The input must search the index with a time filter and error level filter.
Step 2: Set trigger condition and action
The trigger checks if hits exceed 100, and action sends an email notification.
Final Answer:
Input with search query filtering last hour errors, trigger with condition hits > 100, action to send email -> Option B
Quick Check:
Input + trigger condition + email action needed [OK]

Quick Trick: Combine input filter, trigger condition, and email action [OK]

Common Mistakes:

MISTAKES

Omitting input filters
Using wrong trigger condition
Skipping action or trigger

Master "ELK Stack Integration" in Elasticsearch

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions

More Elasticsearch Quizzes