I need help with ElastAlert.
I have a log message like this:
log.info("Server is started at "+LocalDateTime.now());
and I need to write a query in a rule for it. I am writing it as:
- query:
    query_string:
      query: "message: *Server is*"
It seems like it's not working. Can anyone tell me how to do it?