- Kibana Guide: other versions:
- What is Kibana?
- What’s new in 8.9
- Kibana concepts
- Quick start
- Set up
- Install Kibana
- Configure Kibana
- Alerting and action settings
- APM settings
- Banners settings
- Cases settings
- Enterprise Search settings
- Fleet settings
- i18n settings
- Logging settings
- Logs settings
- Metrics settings
- Monitoring settings
- Reporting settings
- Search sessions settings
- Secure settings
- Security settings
- Spaces settings
- Task Manager settings
- Telemetry settings
- URL drilldown settings
- Start and stop Kibana
- Access Kibana
- Securing access to Kibana
- Add data
- Upgrade Kibana
- Configure security
- Configure reporting
- Configure logging
- Configure monitoring
- Command line tools
- Production considerations
- Discover
- Dashboard and visualizations
- Canvas
- Maps
- Build a map to compare metrics by country or region
- Track, visualize, and alert on assets in real time
- Map custom regions with reverse geocoding
- Heat map layer
- Tile layer
- Vector layer
- Plot big data
- Search geographic data
- Configure map settings
- Connect to Elastic Maps Service
- Import geospatial data
- Troubleshoot
- Reporting and sharing
- Machine learning
- Graph
- Alerting
- Observability
- APM
- Set up
- Get started
- How-to guides
- Configure APM agents with central config
- Control access to APM data
- Create an alert
- Create custom links
- Filter data
- Find transaction latency and failure correlations
- Identify deployment details for APM agents
- Integrate with machine learning
- Observe Lambda functions
- Query your data
- Storage Explorer
- Track deployments with annotations
- Users and privileges
- Settings
- REST API
- Troubleshooting
- Security
- Dev Tools
- Fleet
- Osquery
- Stack Monitoring
- Stack Management
- REST API
- Get features API
- Kibana spaces APIs
- Kibana role management APIs
- User session management APIs
- Saved objects APIs
- Data views API
- Index patterns APIs
- Alerting APIs
- Action and connector APIs
- Cases APIs
- Add comment
- Create case
- Delete cases
- Delete comments
- Find case activity
- Find cases
- Find connectors
- Get alerts
- Get case activity
- Get case
- Get case status
- Get cases by alert
- Get comments
- Get configuration
- Get reporters
- Get tags
- Push case
- Set configuration
- Update cases
- Update comment
- Update configuration
- Import and export dashboard APIs
- Logstash configuration management APIs
- Machine learning APIs
- Osquery manager API
- Short URLs APIs
- Get Task Manager health
- Upgrade assistant APIs
- Kibana plugins
- Troubleshooting
- Accessibility
- Release notes
- Kibana 8.9.2
- Kibana 8.9.1
- Kibana 8.9.0
- Kibana 8.8.2
- Kibana 8.8.1
- Kibana 8.8.0
- Kibana 8.7.1
- Kibana 8.7.0
- Kibana 8.6.1
- Kibana 8.6.0
- Kibana 8.5.2
- Kibana 8.5.1
- Kibana 8.5.0
- Kibana 8.4.3
- Kibana 8.4.2
- Kibana 8.4.1
- Kibana 8.4.0
- Kibana 8.3.3
- Kibana 8.3.2
- Kibana 8.3.1
- Kibana 8.3.0
- Kibana 8.2.3
- Kibana 8.2.2
- Kibana 8.2.1
- Kibana 8.2.0
- Kibana 8.1.3
- Kibana 8.1.2
- Kibana 8.1.1
- Kibana 8.1.0
- Kibana 8.0.0
- Kibana 8.0.0-rc2
- Kibana 8.0.0-rc1
- Kibana 8.0.0-beta1
- Kibana 8.0.0-alpha2
- Kibana 8.0.0-alpha1
- Developer guide
Index connector and action
editIndex connector and action
editAn index connector indexes a document into Elasticsearch.
You can create index connectors in Kibana or by using the create connector API. Alternatively, you can use the preconfigured alert history Elasticsearch index connector. If you are running Kibana on-prem, you can also create more preconfigured index connectors.
Create connectors in Kibana
editYou can create connectors in Stack Management > Connectors or as needed when you’re creating a rule. For example:
Connector configuration
editIndex connectors must have a name and an Elasticsearch index. You can optionally set the time field, which contains the details about when each alert condition was detected.
Create preconfigured connectors
editIf you are running Kibana on-prem, you can define connectors by
adding xpack.actions.preconfigured
settings to your kibana.yml
file.
For example:
xpack.actions.preconfigured: my-index: name: preconfigured-index-connector-type actionTypeId: .index config: index: .kibana executionTimeField: my-field
For more information, go to Preconfigured connectors.
Preconfigured alert history Elasticsearch index connector
editThis functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Kibana offers a preconfigured index connector to facilitate indexing active alert data into Elasticsearch.
To use this connector, set
xpack.actions.preconfiguredAlertHistoryEsIndex
to true
.
When you subsequently create rules, you can use the
Alert history Elasticsearch index (preconfigured)
connector.
Documents are indexed using a preconfigured schema that captures the
action variables available for the rule.
By default, these documents are indexed into the kibana-alert-history-default
index, but you can specify a different index. Index names must start with
kibana-alert-history-
to take advantage of the preconfigured alert history
index template.
-
To write documents to the preconfigured index, you must have
all
orwrite
privileges to thekibana-alert-history-*
indices. Refer to Kibana role management for more information. -
The
kibana-alert-history-*
indices are not configured to use ILM so they must be maintained manually. If the index size grows large, consider using the delete by query API to clean up older documents in the index.
Test connectors
editYou can test connectors with the run connector API or as you’re creating or editing the connector in Kibana. For example:
Index connector actions contain a document in JSON format. For example, if you have an index with the following properties:
PUT test { "settings" : { "number_of_shards" : 1 }, "mappings" : { "properties" : { "rule_id" : { "type" : "text" }, "rule_name" : { "type" : "text" }, "alert_id" : { "type" : "text" }, "context_message": { "type" : "text" } } } }
Your test document could contain the following properties and variables:
{ "rule_id": "{{rule.id}}", "rule_name": "{{rule.name}}", "alert_id": "{{alert.id}}", "context_message": "{{context.message}}" }
On this page