Alerting and action settings in Kibana
editAlerting and action settings in Kibana
editAlerts and actions are enabled by default in Kibana, but require you configure the following in order to use them:
- Set up Kibana to work with Elastic Stack security features.
- Set up TLS encryption between Kibana and Elasticsearch.
-
If you are using an on-premises Elastic Stack deployment, specify a value for
xpack.encryptedSavedObjects.encryptionKey
.
You can configure the following settings in the kibana.yml
file.
General settings
edit
|
A string of 32 or more characters used to encrypt sensitive properties on alerting rules and actions before they’re stored in Elasticsearch. Third party credentials — such as the username and password used to connect to an SMTP service — are an example of encrypted properties. |
Action settings
edit
|
Feature toggle that enables Actions in Kibana.
If |
A list of hostnames that Kibana is allowed to connect to when built-in actions are triggered. It defaults to |
|
A list of custom host settings to override existing global settings.
Default: an empty list. |
xpack.actions.customHostSettings: - url: smtp://mail.example.com:465 ssl: verificationMode: 'full' certificateAuthoritiesFiles: [ 'one.crt' ] certificateAuthoritiesData: | -----BEGIN CERTIFICATE----- ... multiple lines of certificate data here ... -----END CERTIFICATE----- smtp: requireTLS: true - url: https://webhook.example.com ssl: // legacy rejectUnauthorized: false verificationMode: 'none'
A URL associated with this custom host setting. Should be in the form of
|
|
A boolean value indicating that TLS must not be used for this connection.
The options |
|
A boolean value indicating that TLS must be used for this connection.
The options |
|
|
Deprecated. Use |
Controls the verification of the server certificate that Elastic Maps Server receives when making an outbound SSL/TLS connection to the host server. Valid values are |
|
|
A file name or list of file names of PEM-encoded certificate files to use to validate the server. |
|
The contents of a PEM-encoded certificate file, or multiple files appended into a single string. This configuration can be used for environments where the files cannot be made available. |
A list of action types that are enabled. It defaults to |
|
Enables a preconfigured alert history Elasticsearch Index connector. Default: |
|
|
Specifies preconfigured connector IDs and configs. Default: {}. |
Specifies the proxy URL to use, if using a proxy for actions. By default, no proxy is used. |
|
Specifies hostnames which should not use the proxy, if using a proxy for actions. The value is an array of hostnames as strings. By default, all hosts will use the proxy, but if an action’s hostname is in this list, the proxy will not be used. The settings |
|
Specifies hostnames which should only use the proxy, if using a proxy for actions. The value is an array of hostnames as strings. By default, no hosts will use the proxy, but if an action’s hostname is in this list, the proxy will be used. The settings |
|
Specifies HTTP headers for the proxy, if using a proxy for actions. Default: {}. |
|
Deprecated. Use |
|
Controls the verification for the proxy server certificate that Elastic Maps Server receives when making an outbound SSL/TLS connection to the proxy server. Valid values are |
|
Deprecated. Use |
|
Controls the verification for the server certificate that Elastic Maps Server receives when making an outbound SSL/TLS connection for actions. Valid values are |
|
Specifies the max number of bytes of the http response for requests to external resources. Default: 1000000 (1MB). |
|
Specifies the time allowed for requests to external resources. Requests that take longer are aborted. The time is formatted as: |
Alerting settings
editYou do not need to configure any additional settings to use alerting in Kibana.