improve docs on logit elastalert

DFE-Digital · Jan 15, 2025 · 554f9c0 · 554f9c0
1 parent a0c18ed
commit 554f9c0
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/documentation/logit-io.md b/documentation/logit-io.md
@@ -51,10 +51,18 @@ To create a new stack:
 ## Monitoring and Alerting
 
 We have enabled Logit stack alerts and notification (elastalert).
-Each stack has a monitor for too many logs per hour, and no logs in 30 minutes.
+
+Each stack has a monitor for
+- too many logs per hour
+- no logs in 30 minutes
+- email addresses in the logs
+
 When triggered, an email alert will be sent to the TS Infra team email address, and we should investigate why there are too many or missing logs.
+
 It will re-alert every 3 hours until any issue is resolved.
 
+See [Elastart docs](https://elastalert.readthedocs.io/) for info on writing alerts.
+
 ## Logstash inputs
 Filebeat sends logs to logstash as json so they can be decoded to create fields in ElasticSearch and query them with Kibana.