How to show custom data in alerts messages in Kibana

abhinav3 · August 30, 2021, 6:19am

Hi

I have a below data coming to elasticsearch:

{
	"Data": {
		"WiFiIP": "N/A",
		"signal_strength": "N/A",
		"signal_percent": 0,
		"signal_level": "N/A",
		"CPU": 10,
		"cpu_temp": 47.0,
		"Internet": true,
		"Publish msg count": 8631,
		"Created": "2021-08-30T06:15:07.789527",
		"DeviceId": "TX-D2-319",
		"UpTime": "2021-08-24T07:53:11"
	}
}

It has value of cpu temp. In Kibana I have set alert on cpu temp so that if t increases more than 65, I get an alert on Microsoft Teams with below message:

server temperature has increased more than 65*C.

I have many devices which are uploading data to elastisearch. I wanted to know how I can get the DeviceId in the alert message so that I know which device cpu temperature has increased?

spinscale · August 30, 2021, 10:10am

Hey,

so the idea would be to run a query for documents > 65 degrees celsius in the last n minutes, but also have a terms aggregation, that aggregates on the DeviceId, so you can include the ids in your message.

See Terms aggregation | Elasticsearch Guide [7.14] | Elastic

Hope this helps!

--Alex

abhinav3 · August 30, 2021, 10:40am

Hey spinscale

When creating a monitor, we do not have option to select DeviceId. Below is the image of how I am creating monitor

In above image I have selected the index pattern, then getting the count of documents for last 1hr where cpu is greater than 60. And in the trigger, I define this count to be lets say more than 10. So count of all document where cpu temp is more than 60, is greater than 10, I get an alert. I do not see any option for DeviceId here. Can you please explain, if I am moving in wrong direction. Thanks

spinscale · August 30, 2021, 11:34am

On top of my head this will not work with the threshold watch, but you need to write the watch yourself (or use the advanced watch tab, which is just a JSON editor) when you create the watch.

abhinav3 · August 30, 2021, 12:24pm

Can you share any link to document sharing how to write your own watch. Thanks

spinscale · August 30, 2021, 1:11pm

See Create or update watch API | Elasticsearch Guide [7.14] | Elastic and even more the whole watcher documentation, starting with the getting started docs at Getting started with Watcher | Elasticsearch Guide [7.14] | Elastic

abhinav3 · August 31, 2021, 4:57am

Hi spinscale

Thanks for sharing the links. I didn't knew we can create watch & alerts this way also. I will work on this and will close this topic. Will create any topic if any issues. Thanks

system · September 28, 2021, 4:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.