Using Kibana alerting with filters

Hi all,
I'm quite new with Kibana.
I have Kibana filled with messages coming from my equipment.
I created an inverted filter of "blacklist" so I will see only the ones I care about.
Now I want to create an alert that will notify any time a new alert is raised, and its information to be sent via the Slack connector.

  1. How can I create an alert that will take into account my filter?
    This is the filter:

    Here is an example of a message:

    This is the alert I want to do.
  2. How can I make the alert send information of the message raised? I don't see it in the context options of the Slack connector.

Thanks in advance. If any more information is needed, I will supply it gladly.

Hi @VAX,

  1. How can I create an alert that will take into account my filter?

For this one, if you're using log threshold, you should be able to click "+ Add condition" then choose field with a "DOES NOT MATCH" comparator. This should exclude the values you don't want.

  2. How can I make the alert send information of the message raised? I don't see it in the context options of the Slack connector.

This is a current limitation of the "Log threshold" alert type. There are a few enhancement requests open that you can follow (elastic/kibana#78940 and elastic/kibana#69611).

Soon, we are also going to add a new type of alert that can use Elasticsearch DSL and alert on matches: elastic/kibana#61313.

I hope this helps,
Mike
