Kibana Alerting

Roey · March 8, 2021, 4:38pm

Hey,
I'm using Kibana 7.9.1 and recently I've started to explore Monitoring and Alerting, I have few questions:
I have a monitor with an active trigger, the alert has been triggered for some reason only once.
Besides, I'm not sure where can I find the log or reason that made the trigger, I only see the trigger with no details(For example, I don't see the IP that made the trigger).

Another issue, when I'm creating a monitor using "Define using extraction query" I can only use the ctx.results[0].hits.total.value > 0 I don't know how to do the same but with buckets values.

Thank you

tsullivan · March 17, 2021, 1:45am

You'll want to go into the Management page for Alerts and look for the alert definition: Alert details | Kibana Guide [7.9] | Elastic for the "instances" of the alert.

You'll want to use Dev Tools to work out a query that has some bucket aggregations, so that the search result contains bucket values. See Bucket aggregations | Elasticsearch Guide [8.11] | Elastic

Hope this helps! If not, please feel free to add more details to the questions.

system · April 14, 2021, 1:46am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.