Cases connector and action
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
The Cases connector creates cases in Kibana when alerts occur.
Create connectors in Kibana
To use this connector, you must have All Kibana privileges for the Cases feature.
Depending on the type of rule you want to create and its role visibility, you must have privileges for Management or Observability case features.
For more details, refer to Kibana privileges.
You cannot manage this connector in Stack Management > Connectors or by using APIs. You also cannot create a Cases preconfigured connector. It is available only when you’re creating a rule in Kibana.
You can have only one Cases action in each rule.
Connector configuration
Cases connectors have the following configuration properties:
- Group by alert field: By default, all alerts are attached to the same case. You can optionally choose a field to use for grouping the alerts; a unique case is created for each group.
- Reopen when the case is closed: If this option is enabled, closed cases are re-opened when an alert occurs.
- Time window: By default, alerts are added to an existing case only if they occur within a 7-day time window.
Test connectors
You cannot test or edit these connectors in Kibana or by using APIs.