Rule types
A rule is a set of conditions, schedules, and actions that enable notifications. Kibana provides two types of rules: rules specific to the Elastic Stack and rules specific to a domain.
Some rule types are subscription features, while others are free features. For a comparison of the Elastic subscription levels, see the subscription page.
Stack rules
Stack rules are built into Kibana. To access the Stack Rules feature and create and edit rules, users require the "all" privilege. See feature privileges for more information.
- Aggregate field values from documents using Elasticsearch queries, compare them to threshold values, and schedule actions to run when the thresholds are met.
- Run a user-configured Elasticsearch query, compare the number of matches to a configured threshold, and schedule actions to run when the threshold condition is met.
- Transform rules [beta]: Run scheduled checks on a continuous transform to check its health. If a continuous transform meets the conditions, an alert is created and the associated action is triggered. This functionality is in beta and is subject to change. The design and code are less mature than official GA features and are being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
Domain rules
Domain rules are registered by Observability, Security, Maps and Machine Learning.
- Detect complex conditions in the Logs, Metrics, and Uptime apps.
- Detect suspicious source events with pre-built or custom rules and create alerts when a rule's conditions are met.
- Run an Elasticsearch query to determine if any documents are currently contained in any boundaries from a specified boundary index and generate alerts when a rule's conditions are met.
- Machine learning rules [beta]: Run scheduled checks on an anomaly detection job to detect anomalies with certain conditions. If an anomaly meets the conditions, an alert is created and the associated action is triggered. This functionality is in beta and is subject to change. The design and code are less mature than official GA features and are being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.