After T109515, I would like to add the option to continuously monitor a configurable logstash query, and alert if error frequency crosses a threshold.
Another possibility would be the option to watch for specific messages and trigger an action if a specific (configurable) pattern is seen in the logs.