Create a new index to store alerts

Dear all, I have an ELK 7.8.0 server running OK.

I want to create some alerts for different events, and because I have the ELK open source version, I can create just two types of connectors: Index and Server Log. I'd like to have an index connector, so I ask you:

How can I create a new index called "alerts", with day rotation and index pattern "alerts-*", suitable for storing every type of alert?

Thanks a lot !!!

For clarification, Kibana alerting is not available in the open source version of Kibana, but is available in the Basic licensed version that you can download directly from here: - I'll assume you are using that version rather than the open source version.

In terms of creating a new index with roll-over, you'll want to look into ILM - Index Lifecycle Management -

It allows you to describe an index, index template, alias and rollover patterns in one managed place. Once that is set up and running, you can use the alias as the index name in index connector to have it write to the "current" index.
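The setup described in the reply above, written as Kibana Dev Tools Console requests. This is an added example, not part of the original thread and not Elastic's own configuration; the names `alerts-policy` and `alerts-template` and the 30-day retention are assumptions.

```console
# 1. Lifecycle policy: roll over to a new index once the current one is a day old.
#    The delete phase (30d) is an assumed retention; adjust or drop it.
PUT _ilm/policy/alerts-policy
{
  "policy": {
    "phases": {
      "hot": {
        "actions": {
          "rollover": { "max_age": "1d" }
        }
      },
      "delete": {
        "min_age": "30d",
        "actions": { "delete": {} }
      }
    }
  }
}

# 2. Index template: every index matching alerts-* gets the policy
#    and is told which alias ILM should move on rollover.
PUT _template/alerts-template
{
  "index_patterns": ["alerts-*"],
  "settings": {
    "index.lifecycle.name": "alerts-policy",
    "index.lifecycle.rollover_alias": "alerts"
  }
}

# 3. Bootstrap the first index and make it the write index of the alias.
#    ILM creates alerts-000002, alerts-000003, ... on each rollover.
PUT alerts-000001
{
  "aliases": {
    "alerts": { "is_write_index": true }
  }
}
```

Enter `alerts` (the alias) as the index in the index connector, and create the Kibana index pattern `alerts-*` for searching. ILM evaluates rollover conditions periodically (every 10 minutes by default) and measures `max_age` from index creation, so indices roll about a day apart rather than exactly at midnight.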

Dear Patrick, thanks a lot for your answer, it's very relevant to me.

Because I have a Debian 10 box, I've installed Elasticsearch, Kibana and Logstash in this way:

echo "deb stable main" | tee -a /etc/apt/sources.list.d/elastic-7.x.list

apt update

apt install elasticsearch

apt install kibana

apt install logstash

In this way, Kibana doesn't have email alerts, just Index and Syslog alerts.

Is there any way to install Kibana with APT Debian in order to have email alerts?

Thanks a lot again!!!

Thanks for the info. You're using our "basic" licensed product (just to clarify since you previously mentioned using the open source version, which is different - basic is free, but not open source).

To get access to the other actions beyond server log and index, you'll need a gold license, or you can get a trial license to try it out for a while for free. There should be a link you can click on the connector's page to explore the gold license and trial:

If you're running Kibana on localhost, that link would be: https://localhost:5601/app/management/stack/license_management

All of the actions are also available in our cloud deployment offering, available here:

Ok Patrick, now I understand.

Thank you so much!!!

Dear Patrick, how are you?

Some days ago you told me I have an ELK basic license (I installed ELK stack from Debian repositories) and so I don't have the mail alerting feature (I have to pay for a license if I have to enable it).

But you mentioned the Kibana open source version, which has the mail alerting feature enabled.

So what can I do to have an ELK stack with Kibana open source version? In case it's possible, can I do that from Debian repo packages?

Thanks a lot again!!!

Sorry for the misunderstanding. The open source distribution of Kibana from Elastic does not have any alerting available at all, and none of the actions (like email). The free "basic" license (which is not open source) version does include alerting, but not the email action (only index and log actions). The "basic" license can be upgraded to a paid "gold" license to get access to the additional actions (like email).

The way the product is structured is that there's an Apache-licensed open source version of Elastic products (Elasticsearch, Kibana, etc.), and then we provide additional functionality on top of the open source version, available with the free "basic" license. To use the Kibana alerting feature from Elastic, you'll have to be running at least the "basic" license version.

Dear Patrick, now I understand!!!

Please, just a last question: is there any third-party software/plugin in order to get email alerts in Kibana? Because my company will not buy a license until November, I'm in the test phase and I need to test the email alerting capability.

Special thanks, greetings!!!

Sorry, I'm not familiar with the 3rd party ecosystem of Kibana plugins. You can enable a 30-day trial license, described above via the "Manage license" link in the "Select a connector" UI, which will give you 30 days of access to all the actions, including email.
