As an Elastic Cloud user (v8.6.2), I would like to query my Observability Alert history for reporting purposes, and perhaps even to create a high-level dashboard showing open alerts across multiple workspaces in Elastic Cloud. How can I do this?
AFAIK, there's no official API to get observability alerts.
I found two ways:
- by internal API: use dev mode in Chrome to sniff internal API calls; you will see calls to "https://kibana:5601/internal/bsearch"
- by index: observability alerts are stored in these indices:
  .internal.alerts-observability.apm.alerts-default
  .internal.alerts-observability.logs.alerts-default
  .internal.alerts-observability.metrics.alerts-default
  .internal.alerts-observability.uptime.alerts-default
# Kibana Dev Tools console request: match every document in the metrics alert indices
GET /.internal.alerts-observability.metrics.alerts-default-*/_search
{
  "query": {
    "query_string": {
      "query": "*",
      "analyze_wildcard": true
    }
  }
}
Thx. I'll take a look. By index is probably the way I'd want to go. This is a fundamental requirement, IMO. Just being able to do a histogram on alerts can tell you a lot.
Thanks. Alerts are aliased to the equivalent .alerts-* index (e.g., .internal.alerts-apm.observability-default is aliased to .alerts-apm.observability-*), so I created the following data view:
.alerts-*
and enabled "View hidden/system indices," and I can see what I hoped to see. Unfortunately there isn't quite as much data as I'd like to see, but I think we can compensate for that by enriching the alerts with tags.
Thx.
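As an added example (not code from anyone in this thread), the script below does the "by index" approach from the first reply against the .alerts-* alias mentioned in the last one, over the plain Elasticsearch REST API with only the Python standard library. It filters on alert status, optionally on Kibana space, and aggregates into the per-day histogram the original poster asked about, broken down by rule name. Assumptions: the ES_URL and ES_API_KEY environment variables point at your deployment; the field names (kibana.alert.status, kibana.space_ids, kibana.alert.rule.name, @timestamp) follow the alerts-as-data schema as I know it, so check them against your own documents; the API key belongs to a role with only read on .alerts-* rather than a superuser, which is the safer choice compared with replaying the undocumented /internal/bsearch calls with a Kibana session. The sample response embedded at the bottom is constructed so the script also runs offline.

```python
"""Query Observability alert history from the .alerts-* alias and bucket it by day.

Added example, not code from the thread. Field names are assumed from the
alerts-as-data schema (verify against your own documents); ES_URL and
ES_API_KEY are assumed environment variables.
"""
import json
import os
import urllib.request
from urllib.parse import urlencode

# Alias over the hidden .internal.alerts-* indices (see the thread above).
ALERT_PATTERN = ".alerts-*"


def build_query(status="active", interval="1d", spaces=None):
    """Search body: filter alerts by status (active/recovered) and optionally by
    Kibana space, then a date histogram with a per-rule breakdown in each bucket."""
    filters = [{"term": {"kibana.alert.status": status}}]
    if spaces:
        # kibana.space_ids is assumed to hold the space(s) the rule lives in.
        filters.append({"terms": {"kibana.space_ids": list(spaces)}})
    return {
        "size": 0,  # aggregations only; no hits needed for a histogram
        "query": {"bool": {"filter": filters}},
        "aggs": {
            "per_interval": {
                "date_histogram": {"field": "@timestamp", "fixed_interval": interval},
                "aggs": {
                    "per_rule": {"terms": {"field": "kibana.alert.rule.name", "size": 20}}
                },
            }
        },
    }


def summarize(response):
    """Flatten the aggregation response into {bucket_start: {rule_name: count}}."""
    out = {}
    for bucket in response["aggregations"]["per_interval"]["buckets"]:
        out[bucket["key_as_string"]] = {
            r["key"]: r["doc_count"] for r in bucket["per_rule"]["buckets"]
        }
    return out


def search_alerts(es_url, api_key, body, pattern=ALERT_PATTERN, timeout=30):
    """POST the body to <es_url>/<pattern>/_search with an API key.

    expand_wildcards must include "hidden": the .alerts-* aliases and their
    backing indices are hidden, so a plain wildcard search would match nothing.
    """
    params = urlencode({"expand_wildcards": "open,hidden", "ignore_unavailable": "true"})
    req = urllib.request.Request(
        f"{es_url.rstrip('/')}/{pattern}/_search?{params}",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "Authorization": f"ApiKey {api_key}"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample response mirroring the shape of a real _search reply,
# so the summariser can be exercised without a cluster.
SAMPLE_RESPONSE = {
    "aggregations": {"per_interval": {"buckets": [
        {"key_as_string": "2023-03-01T00:00:00.000Z", "per_rule": {"buckets": [
            {"key": "CPU usage threshold", "doc_count": 4},
            {"key": "APM latency threshold", "doc_count": 1},
        ]}},
        {"key_as_string": "2023-03-02T00:00:00.000Z", "per_rule": {"buckets": [
            {"key": "CPU usage threshold", "doc_count": 2},
        ]}},
    ]}}
}

if __name__ == "__main__":
    body = build_query(status="active", interval="1d", spaces=["default"])
    es_url, api_key = os.environ.get("ES_URL"), os.environ.get("ES_API_KEY")
    if es_url and api_key:
        response = search_alerts(es_url, api_key, body)
    else:
        response = SAMPLE_RESPONSE  # offline run on the constructed sample
    for day, rules in summarize(response).items():
        print(day, rules)
```

Pass spaces=None to report across every space the key can read, which is how you would feed a single cross-workspace dashboard; the per-space filter is there for the case where the reporting key is scoped more tightly.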