Alerts and actions Links not accessible

Hi,
I'm trying to explore "Alerts and actions" but it's not visible under Kibana > Management.
Using: Kibana 7.6.2 and Basic mode.
I have tried an on-premise standalone setup (where no user authentication is required) and also verified with security enabled (here I'm using the elastic username and the password generated from setup-passwords). But it is still not accessible.
I have followed the link below:
https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html#alerting-setup-prerequisites

Please let me know what settings are required. Let me know if I am missing any information; I will update.

Hi there Tarun!

Alerts & actions was released in Kibana 7.7, so you will need to upgrade to 7.7.0+ first to access this feature.

Thanks Joshdover! I figured it out, and it's coming by default after installing 7.7.
Ideally the subscription page should highlight that it is available since 7.7+. (Just a suggestion.)

However, a few questions/observations:
Using: basic mode - the Beta "Alert and Actions"

  1. The functionality seems to be immature currently. (I know it's beta, but I was expecting more from the ELK stack.)
  2. I was trying to make a very simple alert that should be triggered when events/logs have some "exception" term present (count>10 in last 10 minutes). But to my surprise, I can't do that at this point in time. I can't select the fields from my indexed pattern.
  3. I used Index threshold and I can't see the field in the dropdown conditions.
  4. How can I select a simple search query term in an alert? Is it possible? Please let me know if I can do that.
  5. I was trying to use saved searches from Discover, but using saved searches is not available.
  6. Also, when using Index as the action, the error below keeps coming and the alert was not triggering:
    log [07:27:55.564] [error][plugins][taskManager][taskManager] Task actions:.index "c0090830-9bfd-11ea-887f-afb3323449c5" failed: Error: error validating action params: [documents]: expected value of type [array] but got [undefined]

I have used " {{alertId}} {{alertName}} {{spaceId}}" in Document


6) The server log action is working.
7) Let me know how we can alert on an index having some exception string present in the logs.
Below is my use case: when the exception count is more than 10 in the last 5 minutes, the alert should trigger.
Attaching Discover page where I'm parsing some dummy logs having exception on message field:

Tagging @mikecote for feedback on the alerting feature ^

After exploring more, updates on my above points:

Point 2) I was able to see my indexed pattern fields only if it is integer type.
When can we add aggregation for string types? Based on the existing alert functionality, can we set an alert based on some string and trigger it?
Is this currently only useful for Metrics?

Point 3) Ok I can see only if it is integer type.

Point 6) Understood the issue and created proper json doc. After preparing it properly in json format it got pushed to Index action configured.
But still, how can I use implicit variables like {{alertId}} {{context.date}}?
I was only able to send hardcoded data in the document. How can I make it more dynamic, like sending the current date and time or a string in the doc?
Also, sometimes data is still not pushed from the index action connector, and there is no error printed in the logs. How can we debug further?