Alerting via Watcher
Get Notified So You Don't Miss A Thing
CPU usage is unexpectedly increasing. Application response time is spiking. 503 errors are skyrocketing. Elasticsearch indexing rate has plummeted. But you're on top of it before anyone notices because X-Pack keeps you in the know with the alerts you need.
Detect Changes in Your Data
The alerting features in X-Pack give you the full power of the Elasticsearch query language to identify changes in your data that are interesting to you.
In other words, if you can query something in Elasticsearch, you can alert on it. For instance, you can be notified when:
The same user logged in from 3 different locations within an hour, so you can proactively address possible intrusion attempts.
#YourProduct is trending on social media, and you need to prepare to meet the demand.
A component of a bionic leg is nearing its end of life and it's time to replace it so the six-million-dollar woman can keep running.
Credit card numbers are visible in your application logs and that's a compliance nightmare. It's time to talk with the application team.
Your Elasticsearch indexing rate has plummeted due to changes in your web server log file location, so you know to update your Filebeat configuration.
Get Notified, Your Way
How would you like to be notified? Pick from many alerting options with built-in integrations for email, PagerDuty, Slack, and HipChat. It also comes with a powerful webhook output for integration with your existing monitoring infrastructure or any third-party system.
It's also configurable to include relevant information from your search in the notification and ships with simple template support.
Easy UI, Easy Alerts
Take control of your alerts by viewing, creating, and managing all of them from a single UI. Stay in the know with real-time updates on which alerts are running and what actions were taken.
Go Beyond Rule-Based Alerting
For changes that are harder to define with rules and thresholds, combine alerting with unsupervised machine learning features to find the unusual stuff. Use the anomaly scores in the alerting framework to get notified when the ship is off course.
Learn from Your Alert History
X-Pack stores a complete history of all alert executions in Elasticsearch for easy tracking and visualization in Kibana. Are my alerts executing? How often are my conditions being met? What actions were taken? Your alert history also enables nested alerts.