Restricting kibana watchers across spaces

Hi Team,

We are using Elastic cloud 7.16.2 version and we are using spaces to restrict users to access only the data related to them. Now we want to provide access to them to create and manage kibana watchers by themselves. I am tried by giving manage_watcher and watcher_admin roles to users and but users are able to see all the watchers and getting access to delete everything in the watchers.

So could you please let me know a way to restrict watchers in each space. Like the rules and connectors which are space isolated.

Hello,

Watcher is an Elasticsearch feature and Kibana has the management interface to it. Its not space aware.

I am also wondering why you are using watcher and not alerts.

Thanks,
Bhavya

Hi Bhavya,

We are using watchers because

  1. We can able to format the email body using html.
  2. We are using aggregation queries and we need to print the buckets in the email which we tried using alerts but no luck. We are able to print the hits using context.hits.

Could you please let me know if there is any way in formatting the data in alerts to print like a table data also to print aggregated data.

Thanks in Advance.

Hi @bhavyarm ,

Could you please help me with the query.

@Patrick_Mueller / @ying.mao can we please get some help? Thanks!

  1. We can able to format the email body using html.

The email message is processed with mustache to fill in "variables", and then markdown to convert to HTML. We currently do not allow HTML elements within the message, they will be rendered literally in the output. Are there specific HTML elements you need?

  1. We are using aggregation queries and we need to print the buckets in the email which we tried using alerts but no luck. We are able to print the hits using context.hits.

I don't believe we have a rule type that both does aggregations AND returns search hits - most of our rule types are agg-based, though the Elasticsearch query rule type does not currently do aggs and only returns search hits. It sounds like you were using the Elasticsearch query rule type. The logs threshold, metric threshold, or index threshold rule types might work if you don't need the hits, just the aggs.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.