Kibana 8.8 Watcher vs Alerts

perfecto25 · July 19, 2023, 6:08pm

Hello all, Im a bit confused re alerting, I recently upgraded my elk stack from 7.2 > 8.8

we had bunch of Alerts rules configured to notify a slack channel for example if some index log file has a string "Error"

I dont see these options anywhere in 8.8 alert console, I can only define Log threshold metrics, not actual log content matching.

I am also reading that theres a Watcher piece, which I havent used before, but the Slack Connector isnt available to a watcher (I think I need to use xpack settings to define a connector for watcher)

I basically want KIabana to send a slack alert if some log has a certain string or matches regex conditions, ie if log contains "error"

How can I do this in 8.8 ?

richcollier · July 19, 2023, 6:41pm

Watcher is a legacy alerting platform in Elasticsearch. It still works and is very powerful, but users found it kind of hard to do the "easy" things. Hence, the creation of Kibana Alerts.

However, Kibana Alerts also has different types including the Elasticsearch Query type. Create any valid Elasticsearch DSL query (exact match, partial match, etc.) and make an alert out of it

Topic		Replies	Views
Kibana Watcher Alerts Kibana	0	9	September 17, 2024
Kibana Email Alert/Connectors Kibana elastic-stack-alerting	2	144	April 28, 2024
Other Alerting Methods? Kibana elastic-stack-alerting	4	159	June 10, 2024
Assistance needed in creating a watcher alert for specific hostnames if the CPU/memory goes above certain threshold Kibana elastic-stack-alerting	3	335	August 9, 2021
Kibana Alerts from API Kibana elastic-stack-alerting	10	3497	September 15, 2020

Kibana 8.8 Watcher vs Alerts

Related Topics