Generating alerts for transforms

edit

This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

Kibana alerting features include support for transform rules, which check the health of continuous transforms with certain conditions. If the conditions of the rule are met, an alert is created and the associated action is triggered. For example, you can create a rule to check if a continuous transform is started and to notify you in an email if it is not. To learn more about Kibana alerting features, refer to Alerting.

The following transform rules are available:

Transform health
Monitors transforms health and alerts if an operational issue occurred.

Creating a rule

edit

You can create transform rules under Stack Management > Rules.

On the Create rule window, give a name to the rule and optionally provide tags. Select the transform health rule type:

Creating a transform health rule

Transform health

edit

Select the transform or transforms to include. You can also use a special character (*) to apply the rule to all your transforms. Transforms created after the rule are automatically included.

The following health check is available and enabled by default:

Transform is not started
Notifies if the corresponding transforms is not started or it does not index any data. The notification message recommends the necessary actions to solve the error.
Errors in transform messages
Notifies if transform messages contain errors.
Selecting health check

As the last step in the rule creation process, define its actions.

Defining actions

edit

You can add one or more actions to your rule to generate notifications when its conditions are met and when they are no longer met.

Each action uses a connector, which stores connection information for a Kibana service or supported third-party integration, depending on where you want to send the notifications. For example, you can use a Slack connector to send a message to a channel. Or you can use an index connector that writes an JSON object to a specific index. For details about creating connectors, refer to Connectors.

You must set the action frequency, which involves choosing how often to run the action (for example, at each check interval, only when the alert status changes, or at a custom action interval). Each rule type also has a list of valid action groups and you must choose one of these groups (for example, the action runs when the issue is detected or when it is recovered).

If you choose a custom action interval, it cannot be shorter than the rule’s check interval.

It’s also possible to customize the notification messages for each action. A list of variables is available to include in the message, like transform ID, description, transform state, and so on.

Selecting connector type

After you save the configurations, the rule appears in the Rules list where you can check its status and see the overview of its configuration information.

The name of an alert is always the same as the transform ID of the associated transform that triggered it. You can mute the notifications for a particular transform on the page of the rule that lists the individual alerts. You can open it via Rules by selecting the rule name.