I'm using Elastic Synthetics with Elastic Cloud v8.13.4. I am in the process of setting up in tests for some applications where alerts for tests which need to be in the same workspace need to be routed to different teams. E.g., the components are part of an overall application, but certain tests indicate issues with (for example) an API or Middleware component and need to be routed to a specific list.
I don't see an option to set up multiple Synthetics rules, so how can I do this?
I have the tests tagged by specific type, and ideally I'd like to be able to execute a rule that only watches tests with a specific tag.
Today, the default alert provided by Synthetics is not configurable. This is a limitation of Synthetics that we are hoping to improve in an upcoming release. Our main recommended workaround for users who need more flexibility is to use the Uptime rules. Synthetics is a superset of Uptime data, so the older rules will work on it as well. There are a few steps to get this working, as Uptime is disabled by default in 8.13.
Go to Kibana Advanced Settings and enable Uptime. Save settings.
Should the uptime rules respect the alerts enabled/disabled switch from the synthetics app, like the synthetics rules do? I've configured two rules per your instructions, but they're sending alerts for tests which I currently have set to not send alerts.
How frequently do the default Synthetics rules run, and what are the parameters they're using (e.g., ANY MONITOR IS DOWN >= X times WITHIN last Y minutes)? When I do a GET on the default synthetics rule, it shows that it executes every 1m and there don't seem to be any parameters set, so I'm using ANY MONITOR IS DOWN >= 1 times WITHIN last 10m, which seems to work well enough.
I observe that I can GET the synthetics rule to view it through the API. Can I also create one through the API, even if I can't create/modify it through the UI?
Thx.
Update
When I check the individual tests in the uptime app, alerting shows as DISABLED for all tests, but all tests are actually sending alerts, even if DISABLED in Synthetics. I can't find a field in synthetics-* which shows whether alerts are enabled or disabled for the test. Is there a metadata field that I can pull from in a custom ingest pipeline? Or do you have a suggested solution, other than setting a tag on the alerts that should be ignored?
Should the uptime rules respect the alerts enabled/disabled switch from the synthetics app, like the synthetics rules do? I've configured two rules per your instructions, but they're sending alerts for tests which I currently have set to not send alerts.
No, you should not expect these two features to interoperate. The Synthetics Alert will be improved in the future to scope in richer features and configurability, but for now that toggle only controls the Synthetics alert. The Uptime alerts are unaware of that feature. You should be able to disable any Uptime rules via the Observability Alerting page.
When I do a GET on the default synthetics rule, it shows that it executes every 1m and there don't seem to be any parameters set, so I'm using ANY MONITOR IS DOWN >= 1 times WITHIN last 10m , which seems to work well enough.
Yes this is the way that alert was designed to work. We will improve the alert in a future release but for now this feature operates within those limitations. I'm glad you're able to configure the Uptime alert to achieve your goal!
I observe that I can GET the synthetics rule to view it through the API. Can I also create one through the API, even if I can't create/modify it through the UI?
At the moment, the Synthetics alert operates as a singleton across the whole deployment. It's not possible to create a second or n alerts in a supported manner at this time. As I mentioned above, we plan to make this significantly more powerful in a future release.
I can't find a field in synthetics-* which shows whether alerts are enabled or disabled for the test. Is there a metadata field that I can pull from in a custom ingest pipeline? Or do you have a suggested solution, other than setting a tag on the alerts that should be ignored?
If you're making Uptime alerts with custom parameters to check given monitors (i.e. if you have specific tags for certain monitors and want to alert on them separately), you can manage those rules from the Observability Alerts page, as shown in this screenshot below. I hope that answers your question, if not please let me know.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
