Alerting within Kibana - ES 7.7

Hi Elastic Community!

I am testing out Alerting from Kibana within Elasticsearch 7.7 (feature currently in Beta).

Does anyone know if it is possible to pull specific field information from an Index when an alert, set up in Kibana, is triggered?

The only fields I can access are the following:

{{alertName}}
{{alertId}}
{{alertName}}
{{spaceId}}
{{tags}}
{{alertInstanceId}}
{{context.message}}
{{context.title}}
{{context.group}}
{{context.date}}
{{context.value}}

I believe this is done using mustache (mustache(5) - Logic-less templates.) but I can't seem to find out what context/template Kibana has available to it to populate the above.

Example:
I would like to set up an alert based on Metricbeat data:

IF
INDEX metricbeat*
WHEN average()
OF system.filesystem.used.pct
OVER all documents
IS ABOVE 0.95
FOR THE LAST 60 seconds

Send an email of:

Alert {{alertName}}!

Server {{agent.name}} has used {{context.value}} percent of storage!

Summary:
{{system.filesystem.device_name}},
{{system.filesystem.total}}
{{system.filesystem.used.bytes}}
{{system.filesystem.available}}

{{system.filesystem.used.pct}}

Kind Regards,
Kibana

Kind Regards,
SJ

Hi @Sinnott,

I believe you are correct and that the list of fields you can access is all there is available in the mustache template for a Metric Threshold. I would recommend opening an enhancement request in the Kibana repository to have access to more context attributes from your Metric Threshold alert.

2 Likes
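
Added example, not part of either post and not Kibana code: a small check that lists which placeholders in an action message fall outside the variables listed in the first post. It assumes standard Mustache behaviour, where a tag whose key is missing renders as nothing, so such placeholders would silently come out blank in the email; `unresolvedPlaceholders` and `AVAILABLE` are hypothetical names.

```javascript
// Added example (not Kibana code). Variable list copied from the first post.
const AVAILABLE = new Set([
  'alertName', 'alertId', 'spaceId', 'tags', 'alertInstanceId',
  'context.message', 'context.title', 'context.group',
  'context.date', 'context.value',
]);

// Return the Mustache names used in `template` that are not in `available`.
// Handles {{name}}, {{{name}}}, {{&name}}, {{#section}} and {{^inverted}};
// skips comments ({{! ...}}), partials ({{> ...}}) and closing tags ({{/...}}).
// Names are checked as written: no context-stack resolution inside sections.
function unresolvedPlaceholders(template, available = AVAILABLE) {
  const tag = /\{\{\{?\s*([#^&\/!>]?)\s*([^{}]*?)\s*\}?\}\}/g;
  const missing = [];
  for (const [, sigil, name] of template.matchAll(tag)) {
    if (sigil === '!' || sigil === '>' || sigil === '/') continue;
    if (name === '' || name === '.') continue; // empty tag / implicit iterator
    if (!available.has(name) && !missing.includes(name)) missing.push(name);
  }
  return missing;
}

// The email body from the first post, embedded as sample input.
const EMAIL = `Alert {{alertName}}!
Server {{agent.name}} has used {{context.value}} percent of storage!
Summary:
{{system.filesystem.device_name}},
{{system.filesystem.total}}
{{system.filesystem.used.bytes}}
{{system.filesystem.available}}
{{system.filesystem.used.pct}}`;

// Every name printed here would render as an empty string in the message.
console.log(unresolvedPlaceholders(EMAIL));
```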

Thanks @mikecote for getting back so quickly! Logged that as an enhancement request in GitHub so fingers crossed.
Really like the direction the platform is going btw and understand alerting in Kibana is in phase 1 of 3 so fingers crossed it gets included in future versions.

SJ

1 Like
