Event Triggering in Elasticsearch Webhook Integration Despite Unmet Conditions

Vinicius_Manganotti · October 21, 2024, 7:40pm

Hello!

I have the following scenario: I integrated Elasticsearch with another software via Webhook. The main idea of the integration is for Elastic to trigger events to this other software if a synthetic test fails more than X times within a given timeframe.

The problem is that Elastic is sending events to the Webhook even when the rule is not met; it just takes a few failures in the synthetic test for it to trigger the event.

Additionally, even after setting the alerts to snooze, the event is still triggered. Attached are pictures of the alert rules and the event triggers.

emilioalvap · October 28, 2024, 2:42pm

Hi @Vinicius_Manganotti,

Are you receiving alert pings on the Webhook endpoint? The section under "Execution history" does not contain the emitted alerts, but rather the rule query execution list. It reflects when Kibana is executing the alert rule query and checking if it the threshold to emit an alert has been breached. If that were the case, you should see the Alert # increasing:

Topic		Replies	Views
How is webhook used in elasticsearch , and how is logstash used for webhook Elasticsearch elastic-stack-alerting	4	1036	July 1, 2019
Bulk alerting configuration SIEM	6	492	May 9, 2023
Watcher Unable to Alert via Email and Webhook Elasticsearch elastic-stack-alerting	3	1337	December 20, 2019
Real time alert in Elasticsearch Kibana	2	143	March 7, 2024
Webhook Elasticsearch	5	545	January 15, 2018

Event Triggering in Elasticsearch Webhook Integration Despite Unmet Conditions

Related topics