Acknowledging Alerts Through the UI

I'm creating a network monitor that catches SNMP traps and other hardware issues, displaying them in a table in Kibana. I'll eventually hand off this monitor to folks who will address the issues they see in Kibana.

The problem is that once they resolve an issue, they can't acknowledge that they've resolved it, so the alert is still visible in Kibana and appears unresolved. This persists until the alert hasn't been sent within the timeframe we're looking at (typically 15 minutes).

Is there a way in Kibana/ES to acknowledge an alert or any plan to build a plugin such as this? I could add a couple fields such as alert_acknowledged / alert_resolved that I could filter on, but unsure how I could populate this field from Kibana.

Is there a way in Kibana/ES to acknowledge an alert or any plan to build a plugin such as this?

Not in Kibana. If you were using Watcher for creating alerts, you could ack the alerts. This is made easier by the recently shipped Watcher UI as well.

I could add a couple fields such as alert_acknowledged / alert_resolved that I could filter on, but unsure how I could populate this field from Kibana.

This would work, as you could simply filter on the field and only show messages that are not ack'd or resolved. You'd have to build your own custom integration for it though, either as a Kibana plugin, or as part of a custom application that simply modifies documents in Elasticsearch.

I don't believe there are hooks for adding interactivity to the table visualization right now, so even forking that won't be all that useful. It's probably easier to build your own interactive vis, if you still want to embed that control in Dashboard. If you don't care about use in Dashboard, you could write a custom Kibana app, for displaying and modifying the status of your notifications.

If that's something you're interested in exploring, the Kibana plugin generator is the best thing we have for getting started.
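The custom-application route suggested in the reply, as an added example that is not code from this discussion, from Kibana or from Elastic: a small Python module that builds the Elasticsearch Update API request which sets `alert_acknowledged` / `alert_resolved` on an alert document, builds the query DSL that hides acknowledged and resolved alerts inside the dashboard's time window, and evaluates both locally over constructed sample documents so it runs offline. The index name `snmp-alerts`, the field names, the fixed clock and the sample alerts are assumptions made for the example. Two details worth keeping in a real implementation: the update records who acknowledged and when, so the action is auditable in the index, and it is sent with `if_seq_no` / `if_primary_term` so that two operators acting on the same alert cannot silently overwrite each other.

```python
"""Acknowledge SNMP-trap alerts held in Elasticsearch from a custom app (example code)."""
from datetime import datetime, timedelta, timezone

INDEX = "snmp-alerts"      # assumed index name for the trap documents
WINDOW_MINUTES = 15        # the dashboard time range mentioned in the question


class UpdateConflict(Exception):
    """Stands in for the HTTP 409 Elasticsearch returns on a seq_no mismatch."""


def build_ack_update(alert_id, user, now, seq_no, primary_term, resolved=False):
    """Return (path, query_params, body) for POST /<index>/_update/<id>.

    The partial "doc" records who acknowledged the alert and when.  seq_no and
    primary_term are the _seq_no / _primary_term of the document as the operator
    read it; passed as if_seq_no / if_primary_term they make Elasticsearch reject
    the update (409) if the alert changed in between, instead of one operator
    overwriting the other's state.
    """
    stamp = now.isoformat()
    fields = {"alert_acknowledged": True, "acknowledged_by": user, "acknowledged_at": stamp}
    if resolved:
        fields.update({"alert_resolved": True, "resolved_by": user, "resolved_at": stamp})
    params = {
        "if_seq_no": seq_no,
        "if_primary_term": primary_term,
        "refresh": "wait_for",    # change is visible to the next Kibana query
    }
    return f"/{INDEX}/_update/{alert_id}", params, {"doc": fields}


def open_alerts_query(now):
    """Query DSL for the 'still needs attention' view.

    must_not on term clauses treats a missing field as not acknowledged, so
    documents indexed before the fields existed still show up.  The same filter
    in the Kibana search bar: NOT alert_acknowledged:true AND NOT alert_resolved:true
    """
    since = (now - timedelta(minutes=WINDOW_MINUTES)).isoformat()
    return {"query": {"bool": {
        "filter": [{"range": {"@timestamp": {"gte": since}}}],
        "must_not": [{"term": {"alert_acknowledged": True}},
                     {"term": {"alert_resolved": True}}],
    }}}


def apply_update(doc, params, body):
    """Local stand-in for what the cluster does with the request: check the
    optimistic-concurrency condition, then merge the partial doc.  Against a
    real cluster you would instead send it, e.g. with
    requests.post(base_url + path, params=params, json=body, auth=...)."""
    if params["if_seq_no"] != doc["_seq_no"] or params["if_primary_term"] != doc["_primary_term"]:
        raise UpdateConflict(f"{doc['_id']}: document changed since it was read")
    updated = {**doc, **body["doc"]}
    updated["_seq_no"] = doc["_seq_no"] + 1   # every successful write bumps _seq_no
    return updated


def open_alerts(docs, now):
    """Evaluate open_alerts_query() locally over in-memory documents."""
    since = now - timedelta(minutes=WINDOW_MINUTES)
    return [d for d in docs
            if datetime.fromisoformat(d["@timestamp"]) >= since
            and not d.get("alert_acknowledged") and not d.get("alert_resolved")]


def acknowledge(doc, user, now, resolved=False):
    """Operator action: build the update from the document as read and apply it."""
    _path, params, body = build_ack_update(
        doc["_id"], user, now, doc["_seq_no"], doc["_primary_term"], resolved)
    return apply_update(doc, params, body)


# Constructed sample documents (assumed shape) and a fixed clock for repeatable runs.
NOW = datetime(2016, 5, 1, 12, 0, tzinfo=timezone.utc)


def _alert(doc_id, minutes_ago, **extra):
    base = {"_id": doc_id, "_seq_no": 7, "_primary_term": 1,
            "@timestamp": (NOW - timedelta(minutes=minutes_ago)).isoformat()}
    base.update(extra)
    return base


SAMPLE_ALERTS = [
    _alert("a1", 3, host="switch-01", trap="linkDown", ifIndex=3),
    _alert("a2", 10, host="switch-02", trap="coldStart",
           alert_acknowledged=True, acknowledged_by="alice"),
    _alert("a3", 40, host="router-01", trap="linkDown", ifIndex=1),  # outside the window
]


if __name__ == "__main__":
    print("open before:", [d["_id"] for d in open_alerts(SAMPLE_ALERTS, NOW)])
    acked = acknowledge(SAMPLE_ALERTS[0], "bob", NOW)
    print("open after :", [d["_id"] for d in open_alerts([acked] + SAMPLE_ALERTS[1:], NOW)])
    _path, params, body = build_ack_update("a1", "carol", NOW, 7, 1)  # stale seq_no
    try:
        apply_update(acked, params, body)
    except UpdateConflict as exc:
        print("rejected   :", exc)
```

Running it shows `a1` as the only open alert (a2 is already acknowledged, a3 is older than the window), shows nothing open once `bob` acknowledges `a1`, and then shows `carol`'s acknowledgement of the same alert, built from the copy she read before bob's write, being rejected. The same `open_alerts_query` body can be saved as a Kibana search so the table visualisation only lists alerts that still need attention.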

