Create Threshold Alert
You can create a threshold alert to periodically check when your data goes above or below a certain threshold within a given time interval. It’s one of the most common types of alerts that you can create using Watcher. For more advanced watches, see Create Advanced Watch.
To create a threshold alert:
- Click the Create threshold alert button.
Inputs & Triggers
You must first configure the inputs and triggers.
Condition
Here, you can configure the condition that will cause the alert to trigger. The UI is interactive: selecting an element within the expression displays a control for changing its value.
Here are a few examples of common alerts based on x-pack monitoring data:
Here are some specifics of how the visualization works:
- The time window that is used in the visualization is calculated by taking the duration defined in the expression and multiplying it by 5. So, if you select FOR THE LAST 5 hours, the visualization will show data from the last 25 hours.
- In the chart, you will see a blue line that represents the aggregated data. There is also a red line that represents the threshold value.
- If you use the terms aggregation to aggregate over a specific field, there will be multiple visualizations available and pagination controls will appear as shown below.
Actions
Here you can configure the various actions that will occur when the alert fires.
Click Add new action to trigger a dropdown selection:
Selecting an action will allow you to customize settings for the respective action.
All fields for an alert support mustache syntax and expose a {{ctx}} variable, which provides various properties of the alert.
The supported actions are:
Note that certain actions require configuration within Elasticsearch, such as email and Slack.
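To illustrate the mustache templating described above, the following Watcher definition logs a message built from {{ctx}} properties when a document count over the last 5 hours exceeds a threshold. It is an added example, not taken from the original page and not the watch the UI generates; the index pattern example-logs-*, the 1-minute interval, the threshold of 1000 and the action name log_threshold are constructed values.

```json
{
  "metadata": {
    "note": "Constructed example: index pattern, interval and threshold are assumptions"
  },
  "trigger": {
    "schedule": { "interval": "1m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["example-logs-*"],
        "body": {
          "size": 0,
          "query": {
            "range": { "@timestamp": { "gte": "now-5h" } }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 1000 } }
  },
  "actions": {
    "log_threshold": {
      "logging": {
        "text": "Watch {{ctx.watch_id}} fired at {{ctx.execution_time}}: {{ctx.payload.hits.total}} documents in the last 5 hours (threshold 1000)"
      }
    }
  }
}
```

Values pulled from ctx.payload come from the indexed data itself, so treat them as untrusted when an action forwards the rendered message to email, Slack or a webhook.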