Alerts and actions Links not accessible

Hi,
I'm trying to explore "Alerts and actions" but it's not visible under Kibana > Management.
Using: Kibana 7.6.2 and Basic mode.
I have tried it on an on-premise standalone (where no user authentication is required) and also verified with security enabled (here I'm using the elastic username and password generated from setup-passwords). But it's still not accessible.
I have followed the link below:
https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html#alerting-setup-prerequisites

Please let me know what settings are required. Let me know if I'm missing any information; I will update.

Hi there Tarun!

Alerts & actions was released in Kibana 7.7, so you will need to upgrade to 7.7.0+ first to access this feature.

Thanks Joshdover! I figured it out and it's coming by default after installing 7.7.
Ideally the subscription page should highlight that it is available since 7.7+. (Just a suggestion)

However, a few questions/observations
Using: basic mode - the Beta "Alerts and Actions"

  1. The functionality seems to be immature currently. (I know it's beta but I was expecting more from the ELK stack)
  2. I was trying to make a very simple Alert in which the Alert should be triggered when events/logs have some "exception" term present (count>10 in last 10 minutes). But to my surprise I can't do that at this point of time. I can't select the fields from my index pattern.
  3. I had used Index threshold and I can't see the field in the dropdown conditions.
  4. How can I select some simple search query term in an Alert? Is it possible? Please let me know if I can do that.
  5. I was trying to use saved searches from Discover, but using saved searches is not present.
  6. Also, when using Index as Action the below error keeps coming and the Alert was not triggering:
    log [07:27:55.564] [error][plugins][taskManager][taskManager] Task actions:.index "c0090830-9bfd-11ea-887f-afb3323449c5" failed: Error: error validating action params: [documents]: expected value of type [array] but got [undefined]

I have used " {{alertId}} {{alertName}} {{spaceId}}" in Document

6) The server log action is working.
7) Let me know how we can Alert on an Index having some exception string present in logs.
Below is my use case: when the exception count is more than 10 in the last 5 minutes the Alert should trigger.
Attaching the Discover page where I'm parsing some dummy logs having an exception in the message field:
[Screenshot: Exception]


Tagging @mikecote for feedback on the alerting feature ^

After exploring more, updates on my above points:

Point 2) I was able to see my index pattern fields only if they are of integer type.
When can we add aggregation for string type? Based on existing Alert functionality, can we set an alert based on some string and trigger it?
Is this currently only useful for Metrics?

Point 3) OK, I can see it only if it is integer type.

Point 6) Understood the issue and created a proper JSON doc. After preparing it properly in JSON format it got pushed to the Index action configured.
But still, how can I use implicit variables like {{alertId}} {{context.date}}?
I was only able to send hardcoded data in the document. How can I make it more dynamic, like sending the current date and time or a string in the doc?
Also, still sometimes data is not pushed from the index action connector, and there is no error printed in the logs. How can we debug further?
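The error quoted above (`[documents]: expected value of type [array] but got [undefined]`) and the follow-up question about variables both come down to the shape of the index action's params: `documents` must be a JSON array of objects, and the `{{...}}` variables are placed inside the field values of those objects rather than as a bare string. The following is a constructed example added here for illustration, not a configuration from the thread or from Kibana's documentation; the field names (`alert_id`, `alert_name`, `space_id`, `triggered_at`, `message`) are assumptions chosen for readability, and `{{context.date}}` is used only because the thread mentions it.

```json
{
  "documents": [
    {
      "alert_id": "{{alertId}}",
      "alert_name": "{{alertName}}",
      "space_id": "{{spaceId}}",
      "triggered_at": "{{context.date}}",
      "message": "Alert {{alertName}} fired in space {{spaceId}}"
    }
  ]
}
```

The contrast with the failing form in the thread is that `" {{alertId}} {{alertName}} {{spaceId}}"` is a single string, not an array, so parameter validation rejects it before anything is indexed; with the array form, each object becomes one document and the variables are substituted per execution. If a document is still not written and the task manager logs nothing, comparing the connector's target index mapping against these field names is the first thing to check, since a mapping conflict on a templated value will surface in Elasticsearch rather than in the Kibana action log.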

Hi @tarun1, thank you very much for the feedback. It's really exciting for us in Kibana seeing users like you engaging early with our new products, and it is extremely helpful to be receiving your feedback. This is particularly true when expectations are high 🙂 Thankfully, I can share that a lot of what you are looking to do with Kibana alerts and actions will be available soon. As you mentioned, 7.7 is the first Beta release and it comes with a number of Elastic Observability and Elastic Security specific alert types and a generic one (as I will explain shortly, we are working on quickly expanding this array of out-of-the-box alert types). The generic alert type, the one you are discussing as far as I can tell, currently only offers threshold alerts on numeric values, but the good part is that we have built the new alerting so that you can leverage alerts and actions everywhere in Kibana. Among other things, this means in practice that we will iterate fast, as a number of teams are working on their solution-specific alert types and features. For example, the term-matching alerting you are looking for in #2, #3 and #4 will become available in the upcoming releases within the Logs solution, as well as on the framework level as a generic alert on any index, similarly to how you are trying to use it (hint: with the current data, I am expecting the Logs-specific version to land first). Discover-related #5 and #7 will most probably come next. Error status and investigation are also on the roadmap. I hope that this information paints a picture, and I am really hoping that many of your needs will be covered pretty soon. I will also look forward to your feedback following the next release. Finally, I would like to understand more about what you are looking for concerning the alert variables {{...}}, if you can share a little more detail.

Thanks again!
