Have a customer with a mature Elastic/Kibana environment with a large number of alerts defined. As such I am not wanting them to have to add additional actions/make changes to these alerts with regards to my request below.
I am looking to poll the environment via API/Query etc... to retrieve any new (active) alerts that have been created since the last poll cycle. Can someone point me at the relevant docs on this/article perhaps/or an example query that could accomplish this please.
Note that by default these indices are NOT accessible to normal users. The reason is that we store the history of ALL of the alerting activity there, and don't have a great way of preventing access to alerts that users SHOULD NOT have access to. Any user given read/query privileges to these indices will be able to see some info about ALL of the alerts across the entire cluster.
The link ^^^ will hopefully provide enough information about how you can query to see alert activity over time over the entire cluster. Ping back here if you need more info, or have suggestions for improving this - we are actively working on making this kind of data more accessible to all users in a secure fashion.
This would be an internal system to system integration/polling via the RESTful API with creds kept securely in a vault, so that should negate the security concerns you highlighted Patrick if allowing end users access to this.
Thanks for the info, you have definitely helped answer my question.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.