Kibana 8.8 Watcher vs Alerts

perfecto25 · July 19, 2023, 6:08pm

Hello all, Im a bit confused re alerting, I recently upgraded my elk stack from 7.2 > 8.8

we had bunch of Alerts rules configured to notify a slack channel for example if some index log file has a string "Error"

I dont see these options anywhere in 8.8 alert console, I can only define Log threshold metrics, not actual log content matching.

I am also reading that theres a Watcher piece, which I havent used before, but the Slack Connector isnt available to a watcher (I think I need to use xpack settings to define a connector for watcher)

I basically want KIabana to send a slack alert if some log has a certain string or matches regex conditions, ie if log contains "error"

How can I do this in 8.8 ?

richcollier · July 19, 2023, 6:41pm

Watcher is a legacy alerting platform in Elasticsearch. It still works and is very powerful, but users found it kind of hard to do the "easy" things. Hence, the creation of Kibana Alerts.

However, Kibana Alerts also has different types including the Elasticsearch Query type. Create any valid Elasticsearch DSL query (exact match, partial match, etc.) and make an alert out of it

Topic		Replies	Views
Email and Slack alerts based on logs in Elasticsearch Kibana elastic-stack-alerting	3	907	April 8, 2021
Kibana Alerting Kibana	5	521	July 28, 2020
Using kibana alerting with filters Kibana elastic-stack-alerting	2	1466	February 2, 2021
Watcher Alert Conditions Kibana elastic-stack-alerting	2	354	February 6, 2019
Help with watcher alert configuration in Kibana Elasticsearch elastic-stack-alerting	8	2145	May 1, 2019

Kibana 8.8 Watcher vs Alerts

Related topics