Could you please tell me what am I doing wrong or am I just a bit opposite of smart?
I'm trying to set up Kibana alerts on logs events, I've discovered that a "Watcher" is a thing and it's (currently) a free X-Pack feature.
On multiple doumentation pages it says "you just go to the Watcher UI in Stack Management > Watcher, and there you go". But there is no "Watcher" tab in my Stack Management, and I absolutely cannot understand how to enable it. I did the recommendation from the docs to set up Elastic Security, created users, put xpack encryption key in kibana.yml etc
But still, there's just NO such submenu or tab called "Watcher" in Stack Management
Kibana version is 7.17.12.
Does this "Watcher" even exist in Stack Management? I'm starting to doubt that.
Thanks for the swift reply, I might've been confused then by what feature does what.
Does the Watcher allow the functionality I described, to create events based on the log aggregations? Let's say, I have custom application metrics written into log files, and the put into Elasticsearch, and then I want to have some alerts on aggregations e.g. ("log.level : ERROR" AND "time : >1000") and it sends email if the event happened or the amount of times the event happened?
Or at least, can I monitor conditions like this and log it into separate indices (as the free Kibana Alerting suggests), but I'm struggling to understand what type of Rule do I need?