This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
« Create a TLS certificate rule Create a service-level objective (SLO) burn rate rule »
Elastic Docs Elastic Observability [master] Incident management Alerting Create and manage rules

Create an uptime duration anomaly rule

edit

Create an uptime duration anomaly rule

edit

Within the Uptime app, create an Uptime duration anomaly rule to receive notifications based on the response durations for all of the geographic locations of each monitor. When a monitor runs for an unusual amount of time, at a particular time, an anomaly is recorded and highlighted on the Monitor duration chart.

  1. To access this page, go to ObservabilityUptime.
  2. On the Monitors page, select on a monitor, and then click Enable anomaly detection.
Conditions
edit

For each rule, you can configure which severity level triggers the alert. The default level is critical.

The anomaly score is a value from 0 to 100, which indicates the significance of the anomaly compared to previously seen anomalies. The highly anomalous values are shown in red and the low scored values are indicated in blue.

warning

Score 0 and above.

minor

Score 25 and above.

major

Score 50 and above.

critical

Score 75 and above.
Uptime response duration rule
Action types
edit

Extend your rules by connecting them to actions that use the following supported built-in integrations. Actions are Kibana services or integrations with third-party systems that run as background tasks on the Kibana server when rule conditions are met.

You can configure action types on the Settings page.

Some connector types are paid commercial features, while others are free. For a comparison of the Elastic subscription levels, go to the subscription page.

After you select a connector, you must set the action frequency. You can choose to create a summary of alerts on each check interval or on a custom interval. For example, send email notifications that summarize the new, ongoing, and recovered alerts every twelve hours:

Action types

Alternatively, you can set the action frequency such that you choose how often the action runs (for example, at each check interval, only when the alert status changes, or at a custom action interval). In this case, you must also select the specific threshold condition that affects when actions run: Uptime Duration Anomaly or Recovered.

Configure when a rule is triggered
Action variables
edit

Use the default notification message or customize it. You can add more context to the message by clicking the icon above the message text box and selecting from a list of available variables.

Default notification message for Uptime duration anomaly rules with open "Add variable" popup listing available action variables
Alert recovery
edit

To receive a notification when the alert recovers, select Run when Recovered. Use the default notification message or customize it. You can add more context to the message by clicking the icon above the message text box and selecting from a list of available variables.

Default recovery message for Uptime duration anomaly rules with open "Add variable" popup listing available action variables
« Create a TLS certificate rule Create a service-level objective (SLO) burn rate rule »