Cluster Alerts

The Stack Monitoring > Clusters page in Kibana summarizes the status of your Elastic Stack. You can drill down into the metrics to view more information about your cluster and specific nodes, instances, and indices.

The Top Cluster Alerts shown on the Clusters page notify you of conditions that require your attention:

  • Elasticsearch Cluster Health Status is Yellow (missing at least one replica) or Red (missing at least one primary).
  • Elasticsearch Version Mismatch. You have Elasticsearch nodes with different versions in the same cluster.
  • Kibana Version Mismatch. You have Kibana instances with different versions running against the same Elasticsearch cluster.
  • Logstash Version Mismatch. You have Logstash nodes with different versions reporting stats to the same monitoring cluster.
  • Elasticsearch Nodes Changed. You have Elasticsearch nodes that were recently added or removed.
  • Elasticsearch License Expiration. The cluster’s license is about to expire.

    If you do not preserve the data directory when upgrading a Kibana or Logstash node, the instance is assigned a new persistent UUID and shows up as a new instance.

  • X-Pack License Expiration. As the X-Pack license expiration date approaches, you receive notifications whose severity level depends on how soon the license expires:

    • 60 days: Informational alert
    • 30 days: Low-level alert
    • 15 days: Medium-level alert
    • 7 days: Severe-level alert

      The 60-day and 30-day thresholds are skipped for Trial licenses, which are only valid for 30 days.

The monitoring features check the cluster alert conditions every minute. Cluster alerts are automatically dismissed when the condition is resolved.

Watcher must be enabled to view cluster alerts. If you have a Basic license, Top Cluster Alerts are not displayed.

Email Notifications

To receive email notifications for the Cluster Alerts:

  1. Configure an email account as described in Configuring Email Accounts.
  2. Configure the xpack.monitoring.cluster_alerts.email_notifications.email_address setting in kibana.yml with your email address.

Email notifications are sent only when Cluster Alerts are triggered and resolved.
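
The two steps above as a configuration sketch. This is an added example, not taken from the original page; the account name `monitoring_smtp`, the SMTP host and both addresses are placeholders, and it assumes an Elasticsearch version that reads the SMTP password from the keystore (`smtp.secure_password`) rather than from the YAML file.

```yaml
# ---------------------------------------------------------------
# elasticsearch.yml  (step 1: the email account Watcher sends from)
# ---------------------------------------------------------------
# "monitoring_smtp" is a placeholder account name.
xpack.notification.email.account:
  monitoring_smtp:
    profile: standard
    email_defaults:
      from: stack-alerts@example.com      # placeholder sender address
    smtp:
      auth: true
      starttls.enable: true               # encrypt the SMTP session
      host: smtp.example.com              # placeholder relay
      port: 587
      user: stack-alerts@example.com
      # The password is deliberately absent from this file.
      # Store it in the Elasticsearch keystore on each node instead:
      #   bin/elasticsearch-keystore add \
      #     xpack.notification.email.account.monitoring_smtp.smtp.secure_password

# ---------------------------------------------------------------
# kibana.yml  (step 2: where Cluster Alert emails are delivered)
# ---------------------------------------------------------------
xpack.monitoring.cluster_alerts.email_notifications.email_address: ops-oncall@example.com
```

Keeping the SMTP credential in the keystore means that read access to `elasticsearch.yml` (backups, configuration management repositories) does not expose the mail account.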