Generating alerts for transforms

edit

This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

Kibana alerting features include support for transform rules, which check the health of continuous transforms with certain conditions. If the conditions of the rule are met, an alert is created and the associated action is triggered. For example, you can create a rule to check if a continuous transform is started and to notify you in an email if it is not. To learn more about Kibana alerting features, refer to Alerting.

The following transform rules are available:

Transform health
Monitors transforms health and alerts if an operational issue occurred.

Creating a rule

edit

You can create transform rules under Stack Management > Rules.

On the Create rule window, give a name to the rule and optionally provide tags. Specify the time interval for the rule to check transform health changes. You can also select a notification option with the Notify selector. An alert remains active as long as the configured conditions are met during the check interval. When there is no matching condition in the next interval, the Recovered action group is invoked and the status of the alert changes to OK. For more details, refer to the documentation of general rule details.

Select the Transform health rule type under the Stack Monitoring section.

Creating a transform health rule

Transform health

edit

Select the transform or transforms to include. You can also use a special character (*) to apply the rule to all your transforms. Transforms created after the rule are automatically included.

The following health check is available and enabled by default:

Transform is not started
Notifies if the corresponding transforms is not started or it does not index any data. The notification message recommends the necessary actions to solve the error.
Selecting health check

As the last step in the rule creation process, define the actions that occur when the conditions are met.

Defining actions

edit

Connect your rule to actions that use supported built-in integrations by selecting a connector type. Connectors are Kibana services or third-party integrations that perform an action when the rule conditions are met or the alert is recovered. You can select in which case the action will run.

Selecting connector type

For example, you can choose Slack as a connector type and configure it to send a message to a channel you selected. You can also create an index connector that writes the JSON object you configure to a specific index. It’s also possible to customize the notification messages. A list of variables is available to include in the message, like transform ID, description, transform state, and so on.

After you save the configurations, the rule appears in the Rules list where you can check its status and see the overview of its configuration information.

The name of an alert is always the same as the transform ID of the associated transform that triggered it. You can mute the notifications for a particular transform on the page of the rule that lists the individual alerts. You can open it via Rules by selecting the rule name.