This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
Kibana alerting features include support for transform rules, which check the health of continuous transforms with certain conditions. If the conditions of the rule are met, an alert is created and the associated action is triggered. For example, you can create a rule to check if a continuous transform is started and to notify you in an email if it is not. To learn more about Kibana alerting features, refer to Alerting.
The following transform rules are available:
- Transform health
- Monitors transforms health and alerts if an operational issue occurred.
You can create transform rules under Stack Management > Rules.
On the Create rule window, give a name to the rule and optionally provide
tags. Specify the time interval for the rule to check transform health
changes. You can also select a notification option with the Notify selector.
An alert remains active as long as the configured conditions are met during the
check interval. When there is no matching condition in the next interval, the
Recovered action group is invoked and the status of the alert changes to
For more details, refer to the documentation of
general rule details.
Select the Transform health rule type under the Stack Monitoring section.
Select the transform or transforms to include. You can also use a special
*) to apply the rule to all your transforms. Transforms
created after the rule are automatically included.
The following health check is available and enabled by default:
- Transform is not started
- Notifies if the corresponding transforms is not started or it does not index any data. The notification message recommends the necessary actions to solve the error.
As the last step in the rule creation process, define the actions that occur when the conditions are met.
Connect your rule to actions that use supported built-in integrations by selecting a connector type. Connectors are Kibana services or third-party integrations that perform an action when the rule conditions are met.
For example, you can choose Slack as a connector type and configure it to send a message to a channel you selected. You can also create an index connector that writes the JSON object you configure to a specific index. It’s also possible to customize the notification messages. A list of variables is available to include in the message, like transform ID, description, transform state, and so on.
After you save the configurations, the rule appears in the Rules list where you can check its status and see the overview of its configuration information.
The name of an alert is always the same as the transform ID of the associated transform that triggered it. You can mute the notifications for a particular transform on the page of the rule that lists the individual alerts. You can open it via Rules by selecting the rule name.
Intro to Kibana
ELK for Logs & Metrics