Create Alerting in Kibana using API

Baptiste_Orsoni · November 12, 2020, 2:14pm

Hello,

I would like to know if it is possible to create alerts with the Elastic Search API. Let me explain;

I have a script below that sends me the traffic of a client during the last 5 minutes:

    GET /app-sms-smpp-serversmpp-prd-7.4.2-2020.11.10/_search
    {
      "query": {
        "bool": {
          "must": [
          {
            "term": {
              "smpp.serversmpp.data.client": {
              "value": "KDEV"
              }
            }
          },
          {
            "range": {
              "@timestamp": {
                "from": "now-5m/m", 
                "to": "now/s"
              }
            }
          }
          ]
        } 
      }
    }

I would like to know if it was possible to create an alert (email for example) that would be triggered when the number of hits for this client during the last 5 minutes is zero for example.

Thank you very much in advance for your help.

Best regards,

Baptiste

mattkime · November 12, 2020, 5:04pm

Hello @Baptiste_Orsoni

Yes, this is possible with Watcher. Here are the elasticsearch docs - https://www.elastic.co/guide/en/elasticsearch/reference/7.10/how-watcher-works.html#watch-definition

and the Kibana docs, if you wish to use a UI at some point - https://www.elastic.co/guide/en/kibana/current/watcher-ui.html

Thanks,
Matt

Baptiste_Orsoni · November 13, 2020, 2:14pm

Hello @mattkime,

Thank you very much for your answer. I can see that Watcher is available only from the gold license.

We're using a free license, is there still a way to do what I want to do using the API ?

Thank you in advance for your help.

Baptiste

mattkime · November 13, 2020, 2:24pm

Unfortunately not, but you could try a trial license to determine if the feature would be worthwhile for you.

Baptiste_Orsoni · November 13, 2020, 2:36pm

But I can see that Kibana alerting and actions are available for basics versions:

Can it be accessed? If so, can this feature meet my needs listed above?

What about the anomaly detection jobs ? Could it work ? Is it available on the free version ?

Thanks for your help

mattkime · November 14, 2020, 2:53am

@Baptiste_Orsoni

You're correct, Kibana alerts might be worthwhile. This explains the differences between watcher and alerts - https://www.elastic.co/guide/en/kibana/7.x/alerting-getting-started.html#alerting-concepts-differences

It looks like Anomaly detection on time series requires a platinum or enterprise license - https://www.elastic.co/pricing

Thanks,
Matt

Topic		Replies	Views
Kibana Alerts from API Kibana elastic-stack-alerting	10	3752	September 15, 2020
Alternative to Watcher in ES Kibana (7.2.0) Kibana	3	4704	December 17, 2019
Integration elastalert with elasticsearch Elasticsearch	3	526	October 1, 2019
Alerts from Kibana/ES Elasticsearch	7	4020	July 6, 2017
Kibana Alerts Kibana elastic-stack-alerting	13	789	December 4, 2020

Create Alerting in Kibana using API

Related topics