Alerting
Ensure Alerting is already set up in Kibana. For details, see Setup and prerequisites.
Alerting enables you to detect complex conditions defined by a rule within the Logs, Metrics, Uptime, and APM apps. When a condition is met, the rule tracks it as an alert and responds by triggering one or more actions.
Listed on the Alerts page are all of your observability alerts that have met a condition defined by a rule you created using the Logs, Metrics, Uptime, or APM apps.
Not all of the predefined rules in Stack Management will generate and list an alert on the Alerts page. Only alerts generated by rules relating to Logs, Metrics, Uptime, and APM can be viewed on the Alerts page.
Alerting can be centrally managed from the Kibana Management UI and provides a set of built-in rule types and connectors for you to use.
Extend your rules by connecting them to actions that use built-in connectors for email, IBM Resilient, Index, JIRA, Microsoft Teams, PagerDuty, Server log, ServiceNow ITSM, and Slack. Also supported is a powerful webhook output letting you tie into other third-party systems. Connectors allow actions to talk to these services and integrations.
Configure alerts
You may want to disable writing to specific Observability alert indices or disable all alerts and remove the Alerts page altogether. You can do this in Kibana settings.
If you are using our hosted Elasticsearch Service on Elastic Cloud, you’ll edit the Kibana user settings:
- Select your deployment on the home page, and from your deployment menu go to the Edit page.
- In the Kibana section, click Edit user settings, and add the desired settings (detailed below).
- Click Back, and then click Save. The changes are automatically appended to the kibana.yml configuration file for your instance.
If you have a self-managed Elastic Stack, you’ll edit the settings in your kibana.yml file.
Disable writing to specific alert indices
To disable writing to specific Observability alerts-as-data indices while continuing to write to others, use xpack.ruleRegistry.write.disabledRegistrationContexts.
You can disable writing to alert indices for:
- Logs (observability.logs)
- Metrics (observability.metrics)
- APM (observability.apm)
- Uptime (observability.uptime)
Disabling writing to the indices of one of the Observability apps listed above will affect all rule types of the corresponding app. For example, disabling writing to uptime alert indices will affect all uptime rule types including monitor status and TLS rule types.
For example, to disable writing to Logs alert indices, you would add the following to your Kibana settings:
xpack.ruleRegistry.write.disabledRegistrationContexts: ['observability.logs']
To disable writing to both Logs and Uptime alert indices, you would use:
xpack.ruleRegistry.write.disabledRegistrationContexts: ['observability.logs', 'observability.uptime']
Remove the Alerts page
To disable writing to all alert indices and remove the Alerts page from Kibana altogether, use the following settings:
xpack.ruleRegistry.write.enabled: 'false'
xpack.observability.unsafe.alertingExperience.enabled: 'false'
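Because these settings stop alert data from being written or shown, it is worth checking a deployment's Kibana settings for them during a configuration review. The following is an added example, not part of the Elastic documentation: it assumes the flat dotted-key form shown on this page (nested YAML is not handled), and the function names and sample input are hypothetical.

```python
import ast

# Registration contexts listed on this page, mapped to the app they belong to.
CONTEXTS = {"observability.logs": "Logs", "observability.metrics": "Metrics",
            "observability.apm": "APM", "observability.uptime": "Uptime"}
CTX_KEY = "xpack.ruleRegistry.write.disabledRegistrationContexts"
WRITE_KEY = "xpack.ruleRegistry.write.enabled"
PAGE_KEY = "xpack.observability.unsafe.alertingExperience.enabled"


def parse_flat_settings(text):
    """Parse flat 'dotted.key: value' lines (assumption: no nested YAML)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        try:
            value = ast.literal_eval(value.strip())  # quoted scalars, inline lists
        except (ValueError, SyntaxError):
            value = value.split(" #")[0].strip()     # bare scalar such as false
        settings[key.strip()] = value
    return settings


def is_false(value):
    return str(value).strip().lower() == "false"


def audit_alert_settings(text):
    """Return findings for settings that stop Observability alert data being written."""
    s = parse_flat_settings(text)
    findings = []
    if is_false(s.get(WRITE_KEY, "true")):
        findings.append("writing to all alert indices is disabled")
    if is_false(s.get(PAGE_KEY, "true")):
        findings.append("Alerts page is removed")
    contexts = s.get(CTX_KEY) or []
    for ctx in contexts if isinstance(contexts, list) else [contexts]:
        app = CONTEXTS.get(ctx)
        findings.append(f"{app} alert indices are not written ({ctx})" if app
                        else f"unrecognized registration context: {ctx}")
    return findings


# Constructed sample input, not taken from a real deployment.
SAMPLE = ("server.port: 5601\n"
          "xpack.ruleRegistry.write.disabledRegistrationContexts : ['observability.logs', 'observability.uptime']\n")
```

An empty result from audit_alert_settings means none of the three settings on this page are suppressing alert data in the text it was given.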