Dear all,
seeking for a clarification regarding Kibana alerting I would like start offering to my internal elasticsearch customers.
Right now I am using elastalert and I am running on 7.17.4 on ubuntu a central, licensed stack with different customers logging in via AD. Each of them has his / her own Kibana space. Over the years I took a look to watcher. But that solution at that point in time was not customer friendly at all in my opinion (perhaps that changed).
After reading about Kibana alerting I have 3 basic questions:
If a user / member of a space defines a Kibana alert in his space, that alert should not be visible in other spaces, correct?
A 'normal' user (no super root kind of role) is allowed to define Kibana Alerts, or does perhaps need some additional roles, but he does NOT need to be Elasticsearch admin. Correct? (meaning: everyone can define alerts)
Regarding watcher versus Kibana Alerting: Also in Kibana Alerting I can define an alert based for example on receiving a certain metric (e.g. CPU over 80%) or a certain text in a log. Correct?
Thank you so much for any insight. I am starting this topic from the scratch.
Kind regards
Stefano
If a user / member of a space defines a Kibana alert in his space, that alert should not be visible in other spaces, correct?
This is correct. Rules are defined per space so a user with access to only Space 1 will only see the rules in Space 1 and no other spaces.
A 'normal' user (no super root kind of role) is allowed to define Kibana Alerts, or does perhaps need some additional roles, but he does NOT need to be Elasticsearch admin. Correct? (meaning: everyone can define alerts)
This is correct. A user does not need any type of superuser role to create rule and connectors. They only need to have the "All" feature privilege for the specific rule type they want to create. For example, if they want to create a Security rule, they will need the "All" feature privilege for Security.
Regarding watcher versus Kibana Alerting: Also in Kibana Alerting I can define an alert based for example on receiving a certain metric (e.g. CPU over 80%) or a certain text in a log. Correct?
Kibana Alerting offers pre-defined rule types. It sounds like you're interested in the Metric Threshold and Log Threshold rule types that are available in the Observability section of Kibana.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.