Request API to obtain active alerts

fabien9402 · February 24, 2023, 5:42pm

Hello everyone,

On the Kibana interface I have a rule called "No logs from docker", this is a "Log threshold" rule which should tell me when I have not received a log containing the "event.dataset" with value "docker.container_logs" for more than an hour. I group by "agent.name" to determine which agent is no longer sending me logs.

The rule works, and when I consult it I can see several agents whose alert is "active" and who do not return logs. For some it's normal and so I "mute" them, for others I have to check why they don't send logs, but it's not the object of my current issue.

I configured the alerts to notify me on a "Slack" connector, it works perfectly.

However, I would like to be able to consult these alerts by an API request.

I have already tried a large number of requests. I can indeed see that the rule has active alerts, but impossible to know which alert precisely is active and what it is the agent concerned.

For example, one of my agents on alert is called: "dromao".
I see it as active in alerts when I click on the rule.
But in the response to my API request, there is never anywhere specified "dromao".

Could you please help me to know how to fetch this via API request?

Thank you so much

Patrick_Mueller · February 24, 2023, 9:31pm

Sorry, we do not currently have a supported HTTP endpoint to return data about alerts.

There IS an undocumented, unsupported HTTP endpoint that returns some information about alerts. Pretty much guarantee it will change in the future, and likely has slightly changed release-to-release in previous releases.

So, be prepared for whatever code you are using this with, to break when you upgrade your stack.

GET /internal/alerting/rule/<rule-id>/_alert_summary

Patrick_Mueller · March 9, 2023, 4:27pm

Wanted to let you know we've started planning to get a public API to list alerts into the product, in a future release. LMK if you want an issue to track, not sure where it is right now ...

fabien9402 · March 13, 2023, 10:29am

Thanks, yes, I'm very interested in tracking this feature. This would allow us to automate some tasks in our infrastructure.

Patrick_Mueller · March 21, 2023, 1:27pm

Sorry for the delay. The current issue to track this is [ResponseOps] add supported API to return list of alerts · Issue #152345 · elastic/kibana · GitHub

system · April 18, 2023, 1:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Active Alerts Showing for Unenrolled Agents Elastic Observability elastic-stack-alerting	4	247	November 29, 2023
Is it possible to create an alert in case an Elastic Agent goes offline? Elastic Agent elastic-stack-alerting	3	734	December 9, 2023
Docker Logs keep getting dropped with tried to parse field [image] as object, but found a concrete value error Elastic Agent	50	3168	April 19, 2023
Creating alert for service docker Elastic Observability elastic-stack-monitoring , elastic-stack-alerting , docker	2	47	August 6, 2024
Docker and System Logs/Metrics from container-based Agent Elastic Agent	14	1495	February 9, 2023

Request API to obtain active alerts

Related Topics