Alerts and Actions 7.12 not working

Hi, I have created some alerts for ML jobs, and they are not sending mails. I have tested the send email action and it works. I have set the alerts to the lowest level of anomaly score, both bucket and record (on separate alerts), but I don't get the mail.

I checked the condition and it's OK.
I checked the connector and it sends mail.

I was looking at the Alerts and Actions GUI and I realized that my alerts are OK, but not active. Does this have something to do with it? How do I activate the alerts?

@gmmorris can you please shed some light on this?

Also, in the meantime, it would be good to procure the logs from when this action takes place.

Alert instances will come and go from the list depending on whether they meet the alert conditions or not - unless they are muted. If a muted instance no longer meets the alert conditions, it will appear as inactive in the list. This prevents an instance from triggering actions if it reappears in the future.

If you want to suppress actions on all current and future instances, you can mute the entire alert. Alert checks continue to run and the instance list will update as instances activate or deactivate, but no actions will be triggered.

You can read here, Alert details | Kibana Guide [7.12] | Elastic


Check your Kibana logs - if there is an error executing an action, it should generate an error or warning message in the Kibana log.

Can you post the email message you have set? I'm wondering if there is some error in it, somehow, that would prevent the email from being generated.

It appears you used the "test connector" function - did that send you an email successfully?

Looks like we should have an explainer for some of our terminology, regarding "Active" and "OK". For the screenshot you're using with the alert instances, "Active" means the alert is currently triggering and should be executing its actions. "OK" means it was previously triggering actions, but is now not triggering actions. In future releases of Kibana, we've relabeled "OK" in this page to "Recovered" as a more precise term.

Hi @ElasticLiver,

Can you please share which result type you used for creating this alert?

If it's a Bucket result (the default one), the alert execution looks for anomalies higher (strict comparison >) than the specified severity within an interval of 2x the bucket span length. So if you set it to 0, you won't receive notifications about buckets with a 0 score. Please refer to the docs for more details.


Hi, thanks for your answer. The link you gave me says this:
"For each alert, you can configure the anomaly_score that triggers it. The anomaly_score indicates the significance of a given anomaly compared to previous anomalies. The default severity threshold is 75 which means every anomaly with an anomaly_score of 75 or higher triggers the alert."

So why won't zero be considered if the docs say that 75 or higher will be considered?
