Create alerts and notifications in Kibana.

Our step-by-step guide to creating alerts that identify specific changes in data and notify you.


The TL;DR (Too Long; Didn't Read)

Learn how we at reelyActive use Watcher to query data in Elasticsearch and get notified.


What will this accomplish?
An alert by email, PagerDuty, Slack or HipChat about the data that are interesting to you.
Is there an easier way?
Manual counts and analysis of data behavior using pen and paper?
So why would I read this?
To learn both how and why to alert on specific behavior in Kibana.

Creating alerts   Step 1 of 3

Go to Watcher and create an alert.


Why an alert?
Alerting features keep you in the know.
Why Kibana?
Kibana makes it easy to visualise data from an Elasticsearch database, where the source data is stored.

Open Kibana and then:

  1. Click the gear icon (Management) in the left toolbar.
  2. From the Elasticsearch list, click on Watcher.

Building a threshold alert   Step 2 of 3

Define a meaningful alert on a specified condition.


Why a threshold alert?
To periodically check when data goes above or below a certain threshold within a given time interval.
What's it for?
Create an alert when one of the sensors no longer collects data for 5 minutes.

From Watcher page:

  1. Click the Create button
  2. Choose Create threshold alert

From Create threshold alert page:

  1. Enter the Name of the alert
  2. Select raddec in Indices to query field
  3. Select timestamp in the Time field area
  4. Define the time threshold in the Run watch every fields

You should be able to visualize the filled fields as below:

Add alerts

You can adjust the specified condition by clicking the elements as below:

Add alerts

Sending an alert   Step 3 of 3

Send the alert with Slack and receive a notification whenever the condition occurs.


Why Slack?
Slack is an instant messaging platform that uses channels.
What's a channel?
A channel is a single place for a team to share messages.

Open Kibana and then:

  1. Click the Add Actions button
  2. Choose Slack

From Slack tab:

  1. Add a recipient if required
  2. Enter an alert message that will be sent to the Slack channel.
  3. Once done, you can try sending a sample message and confirm that you received it on Slack.
  4. Click the Create alert button

You should be able to see the message in the configured Slack channel:

Add alerts
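
The threshold alert and Slack action built in Steps 2 and 3 can also be written as a Watcher definition. This added example (not reelyActive's own code, and not the exact watch the Kibana form generates) builds that definition in Python and evaluates its condition against constructed search results; the channel name, the 1-minute interval and the function names are assumptions.

```python
import json
import operator

# Comparison operators of Watcher's `compare` condition.
OPS = {"eq": operator.eq, "not_eq": operator.ne, "lt": operator.lt,
       "lte": operator.le, "gt": operator.gt, "gte": operator.ge}


def build_silence_watch(index="raddec", time_field="timestamp",
                        window="5m", every="1m", channel="#sensor-alerts"):
    """Watch body that fires when `index` got no documents within `window`."""
    return {
        "trigger": {"schedule": {"interval": every}},
        "input": {"search": {"request": {
            "indices": [index],
            "body": {"size": 0, "query": {"range": {
                time_field: {"gte": f"now-{window}"}}}},
        }}},
        # Watcher's search input exposes hits.total as a plain integer.
        "condition": {"compare": {"ctx.payload.hits.total": {"lt": 1}}},
        "actions": {"notify_slack": {"slack": {"message": {
            "to": [channel],  # assumed channel name
            "text": f"No {index} data received in the last {window}",
        }}}},
    }


def condition_met(watch, payload):
    """Evaluate the watch's compare condition locally against a payload."""
    (path, checks), = watch["condition"]["compare"].items()
    value = {"ctx": {"payload": payload}}
    for key in path.split("."):
        value = value[key]
    return all(OPS[op](value, limit) for op, limit in checks.items())


if __name__ == "__main__":
    watch = build_silence_watch()
    print(json.dumps(watch, indent=2))  # body for PUT _watcher/watch/<id>
    # Constructed search results: a silent sensor and a healthy one.
    for payload in ({"hits": {"total": 0}}, {"hits": {"total": 37}}):
        print(payload, "-> alert" if condition_met(watch, payload) else "-> ok")
```

The printed JSON can be submitted with `PUT _watcher/watch/<id>`. The Slack action only delivers if a Slack account is configured for Watcher in Elasticsearch.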

Winner of a 2020 Elastic Search Award!

For our innovation of making physical spaces searchable like the web.


Where to next?

Create other visualizations, or continue exploring our open architecture and all its applications.