Open and manage cases
To perform these tasks, you must have full access to the appropriate case features in Kibana.
Open a new case
Open a new case to keep track of issues and share their details with colleagues.
- Go to Management > Stack Management > Cases, then click Create case.
- If you defined templates, you can optionally select one to use its default field values. [preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
- Give the case a name, severity, and description. In the Description area, you can use Markdown syntax to create formatted text.
- Optionally, add a category, assignees, and tags. You can add users only if they meet the necessary prerequisites.
- If you defined any custom fields, they appear in the Additional fields section. [8.15.0] Added in 8.15.0.
- For the External incident management system, select a connector. For more information, refer to External incident management systems.
- After you’ve completed all of the required fields, click Create case.
[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Alternatively, you can configure your rules to automatically create cases by using case actions. By default, the rule adds all of the alerts within a specified time window to a single case. You can optionally choose a field to group the alerts and create separate cases for each group. You can also choose whether you want the rule to reopen cases or open new ones when the time window elapses.
Add email notifications
You can configure email notifications that occur when users are assigned to cases.
For hosted Kibana on Elasticsearch Service:
- Add the email domains to the notifications domain allowlist.
You do not need to take any more steps to configure an email connector or update Kibana user settings, since the preconfigured Elastic-Cloud-SMTP connector is used by default.
For self-managed Kibana:
- Create a preconfigured email connector. At this time, email notifications support only preconfigured connectors, which are defined in the kibana.yml file. For examples, refer to Email connectors and Configure email accounts for well-known services.
- Set the notifications.connectors.default.email Kibana setting to the name of your email connector.
- If you want the email notifications to contain links back to the case, you must configure the server.publicBaseUrl setting.
When you subsequently add assignees to cases, they receive an email.
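The self-managed steps above, combined into one kibana.yml fragment. This is an added example, not taken from the Kibana documentation; the connector id cases-email, the example.com hosts and addresses, and the credentials are constructed placeholders.

```yaml
# kibana.yml (self-managed) - added example with constructed placeholder values

# Step 1: preconfigured email connector.
# The id (map key) and the name are kept identical here so that the
# reference in notifications.connectors.default.email is unambiguous.
xpack.actions.preconfigured:
  cases-email:
    name: cases-email
    actionTypeId: .email
    config:
      service: other
      from: kibana-cases@example.com   # placeholder sender address
      host: smtp.example.com           # placeholder SMTP relay
      port: 465
      secure: true                     # TLS from the start of the connection
      hasAuth: true
    secrets:
      user: kibana-notify              # placeholder account
      # Placeholder. Anyone who can read kibana.yml can read this value,
      # so restrict the file's permissions or supply the real password
      # through the Kibana keystore instead of plain text.
      password: CHANGE_ME

# Step 2: use that connector for case assignment notifications.
notifications.connectors.default.email: cases-email

# Step 3: required for the emails to contain links back to the case.
# Set it to the externally reachable URL users open in their browser.
server.publicBaseUrl: "https://kibana.example.com"
```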
Add files
After you create a case, you can upload and manage files on the Files tab.
The acceptable file types and sizes are affected by your case settings.
To download or delete the file or copy the file hash to your clipboard, open the action menu (…). The available hash functions are MD5, SHA-1, and SHA-256.
When you upload a file, a comment is added to the case activity log. To view images, click their name in the activity or file list.
Uploaded files are also accessible in Stack Management > Files. When you export cases as saved objects, the case files are not exported.
Add visualizations
You can also optionally add visualizations. For example, you can portray event and alert data through charts and graphs.
To add a visualization to a comment within your case:
- Click the Visualization button. The Add visualization dialog appears.
- Select an existing visualization from your Visualize Library or create a new visualization. Set an absolute time range for your visualization. This ensures your visualization doesn’t change over time after you save it to your case and provides important context for viewers.
- After you’ve finished creating your visualization, click Save and return to go back to your case.
- Click Preview to see how the visualization will appear in the case comment.
- Click Add Comment to add the visualization to your case.
Alternatively, while viewing a dashboard you can open a panel’s menu then click More > Add to existing case or More > Add to new case.
After a visualization has been added to a case, you can modify or interact with it by clicking the Open Visualization option in the case’s comment menu.
Manage cases
In Management > Stack Management > Cases, you can search cases and filter them by attributes such as assignees, categories, severity, status, and tags. You can also select multiple cases and use bulk actions to delete cases or change their attributes.
To view a case, click on its name. You can then:
- Add a new comment.
- Edit existing comments and the description.
- Add or remove assignees.
- Add a connector.
- Send updates to external systems (if external connections are configured).
- Edit the category and tags.
- Refresh the case to retrieve the latest updates.
- Change the status.
- Change the severity.
- Close or delete the case.
- Reopen a closed case.