elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Stack Monitoring + Kibana Alerting - Default Action #106690

Open MHenn1g opened 3 years ago

MHenn1g commented 3 years ago

Describe the feature: As I understand the current documentation, the default action for all Stack Monitoring rules is to write to Kibana logs and display a notification in the UI.

My request would be to integrate a switch into the Kibana configuration which allows adapting this default behaviour and makes it possible to link the alerts generated by Stack Monitoring to a predefined connector. For example, something like: xpack.monitoring.kibanaAlertsDefaultConnector: <CONNECTOR_NAME>

Describe a specific use case for the feature: In our current use case, Elastic Stacks may be deployed and utilized dynamically via self service by the developers.

Each Stack which is deployed sends metrics and logs to a centralized monitoring cluster. Alerts are generated out of the box for each of the registered clusters, but by default they are sent to the Kibana log. Of course, we can use a process which parses these Kibana logs for new alerts and then (e.g. via Watcher) sends out emails if new alerts were thrown.

However, I think this could be more streamlined. For instance, inside this monitoring cluster, we could set a preconfigured email connector:

xpack:
  actions:
    preconfigured:
      standard-mail-server:
        actionTypeId: .email
        config:
          from: eck@example.com
          host: smail.example.com
          port: 25
          secure: false
        name: standard-mail-server

And Kibana Alerts could be utilized directly to relay alerts of every cluster in the stack monitoring automatically to this connector. Currently, the only way to attach the connector seems to be this manual process, which I retrieved from https://github.com/elastic/kibana/issues/95969 and which needs to be set for every alert by hand.

To allow for more automation in deploying the monitoring instance, it would be really helpful if a setting existed in kibana.yml to automatically send the alerts to the preconfigured mail server instead of the Kibana log, thereby eliminating the need to configure this inside the web interface.

elasticmachine commented 3 years ago

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

elasticmachine commented 3 years ago

Pinging @elastic/stack-monitoring (Team:Monitoring)