ELK - xpack, watcher - what to use for advanced alerting and observability?

Kibana alerting is basic. For advanced alerts in the ELK stack, what should I use?

  1. Watcher plugin? Is this part of the paid version only, or can I install it separately within the open source version as well?
  2. x-pack? Can this be used for advanced alerting?

Note: by advanced alerting I mean advanced alert logic and multiple alert channels. Basic Kibana alerting works for simple index threshold alerts.

Welcome to our community! :smiley:

Watcher, which is part of the broader X-Pack set of functionality, has features that are both free and commercial. However, the features that Kibana currently exposes are a subset of what the underlying API can provide, as we are working on improving the UI integration for Alerting.

You might want to look at the API and see if it'll do what you want.

1 Like

Thanks. In that case, can you explain why I am getting 'current license is non-compliant for watcher' when I query GET /_watcher/watch/my_watch?pretty?

I am using Elasticsearch 7.9.0 open source edition.

{
  "name": "elasticsearch",
  "cluster_name": "docker-cluster",
  "cluster_uuid": "jO35QjzcQxS3KJiokdsobw",
  "version": {
    "number": "7.9.0",
    "build_flavor": "default",
    "build_type": "docker",
    "build_hash": "a479a2a7fce0389512d6a9361301708b92dff667",
    "build_date": "2020-08-11T21:36:48.204330Z",
    "build_snapshot": false,
    "lucene_version": "8.6.0",
    "minimum_wire_compatibility_version": "6.8.0",
    "minimum_index_compatibility_version": "6.0.0-beta1"
  },
  "tagline": "You Know, for Search"
}

Watcher requires a commercial license and is not fully available with the default Basic license.

1 Like
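To make the two answers above concrete (the Watcher API being richer than the Kibana UI, and the "non-compliant" error when the license does not cover Watcher), here is an added example that is not from this thread or from Elastic. It does two things a practitioner would do before relying on Watcher: check the `_xpack` info response for whether the `watcher` feature is available, and build a watch definition with non-trivial logic and two notification channels (email plus webhook). The `_xpack` and error response bodies are constructed samples shaped after what a 7.x cluster returns; the index pattern, hosts and addresses are hypothetical.

```python
"""Preflight license check and a multi-channel Watcher definition (added example)."""
import json

# Constructed sample of GET _xpack on the default distribution with the free
# Basic license: Watcher is shipped (enabled) but not covered (available=false).
SAMPLE_XPACK_INFO_BASIC = {
    "license": {"type": "basic", "status": "active"},
    "features": {
        "watcher": {"available": False, "enabled": True},
        "security": {"available": True, "enabled": False},
    },
}

# Constructed sample for a cluster whose license (trial/gold/platinum) covers Watcher.
SAMPLE_XPACK_INFO_TRIAL = {
    "license": {"type": "trial", "status": "active"},
    "features": {"watcher": {"available": True, "enabled": True}},
}

# Constructed sample of the error body reported in the question for
# GET /_watcher/watch/my_watch when the license does not cover Watcher.
SAMPLE_WATCHER_LICENSE_ERROR = {
    "error": {
        "type": "security_exception",
        "reason": "current license is non-compliant for [watcher]",
    },
    "status": 403,
}


def watcher_available(xpack_info):
    """True only when Watcher is both enabled and covered by the current license."""
    feature = xpack_info.get("features", {}).get("watcher", {})
    return bool(feature.get("available")) and bool(feature.get("enabled"))


def is_license_error(response_body):
    """Recognise the 'non-compliant' 403 so a deployment script can fail with a clear message."""
    reason = response_body.get("error", {}).get("reason", "")
    return response_body.get("status") == 403 and "non-compliant" in reason


def build_watch(index, threshold, webhook_host, recipients):
    """Return a watch body for PUT _watcher/watch/<id>.

    Logic beyond a plain index threshold: a filtered search over the last five
    minutes, a compare condition on the hit count, a throttle so a sustained
    burst does not page repeatedly, and two actions (email and webhook).
    """
    return {
        "trigger": {"schedule": {"interval": "5m"}},
        "input": {"search": {"request": {
            "indices": [index],
            "body": {
                "size": 0,
                "query": {"bool": {"filter": [
                    {"term": {"event.outcome": "failure"}},
                    {"range": {"@timestamp": {"gte": "now-5m"}}},
                ]}},
            },
        }}},
        # Watcher 7.x exposes hits.total as a plain number in ctx.payload.
        "condition": {"compare": {"ctx.payload.hits.total": {"gte": threshold}}},
        "throttle_period": "15m",
        "actions": {
            "notify_ops_email": {"email": {
                "to": recipients,
                "subject": "Authentication failures above threshold on {{ctx.watch_id}}",
                "body": "{{ctx.payload.hits.total}} failures in the last 5 minutes.",
            }},
            "notify_webhook": {"webhook": {
                "scheme": "https",
                "host": webhook_host,
                "port": 443,
                "method": "post",
                "path": "/alerts",
                "headers": {"Content-Type": "application/json"},
                "body": "{\"watch\": \"{{ctx.watch_id}}\", \"failures\": {{ctx.payload.hits.total}}}",
            }},
        },
    }


def plan_put_watch(xpack_info, watch_id, watch):
    """Return (path, json_body) for the PUT, or None when the license would reject it."""
    if not watcher_available(xpack_info):
        return None
    return ("/_watcher/watch/" + watch_id, json.dumps(watch))


if __name__ == "__main__":
    watch = build_watch("logs-auth-*", 50, "alerts.example.internal", ["ops@example.com"])
    for info in (SAMPLE_XPACK_INFO_BASIC, SAMPLE_XPACK_INFO_TRIAL):
        plan = plan_put_watch(info, "auth_failures", watch)
        print(info["license"]["type"], "->", "skip (license)" if plan is None else plan[0])
    print("recognised license error:", is_license_error(SAMPLE_WATCHER_LICENSE_ERROR))
```

Run the script as-is to see the Basic-license case refused before any request is made; in a real deployment, fetch `GET _xpack` with your HTTP client and pass the parsed body to `plan_put_watch` instead of the constructed samples.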

@Christian_Dahlqvist, Warkolm mentions that Watcher has features that are both free and commercial. What are the free features? How do I enable them?

Use the default distribution, that contains our free (but not open source) functionality.

You can see more here - https://www.elastic.co/subscriptions and https://www.elastic.co/blog/introducing-the-new-alerting-framework-for-observability-security-and-the-elastic-stack