elasticsearch/docs/reference/transform/transform-alerts.asciidoc

[role="xpack"]
[[transform-alerts]]
= Generating alerts for {transforms}

beta::[]

{kib} {alert-features} include support for {transform} rules, which check the 
health of {ctransforms} with certain conditions. If the conditions of the rule 
are met, an alert is created and the associated action is triggered. For 
example, you can create a rule to check if a {ctransform} is started and to 
notify you in an email if it is not. To learn more about {kib} {alert-features}, 
refer to 
{kibana-ref}/alerting-getting-started.html#alerting-getting-started[Alerting].

The following {transform} rules are available:

{transform-cap} health:: 
  Monitors {transforms} health and alerts if an operational issue occurred.


[[creating-transform-rules]]
== Creating a rule

You can create {transform} rules under **{stack-manage-app} > {rules-ui}**.

On the *Create rule* window, give a name to the rule and optionally provide 
tags. Select the {transform} health rule type:

[role="screenshot"]
image::images/transform-rule.png["Creating a transform health rule"]
// NOTE: This is screenshot is automatically generated. Do not edit it directly.

[[creating-transform-health-rules]]
=== {transform-cap} health

Select the {transform} or {transforms} to include. You can also use a special 
character (`*`) to apply the rule to all your {transforms}. {transforms-cap} 
created after the rule are automatically included.

The following health check is available and enabled by default:

_{transform-cap} is not started_:: 
  Notifies if the corresponding {transforms} is not started or it does not index 
  any data. The notification message recommends the necessary actions to solve 
  the error.

_Errors in {transform} messages_:: 
  Notifies if {transform} messages contain errors.

[role="screenshot"]
image::images/transform-check-config.png["Selecting health check"]
// NOTE: This is screenshot is automatically generated. Do not edit it directly.

As the last step in the rule creation process, define the actions that occur when the conditions are met.
  

[[defining-actions]]
== Defining actions

Connect your rule to actions that use supported built-in integrations by 
selecting a connector type. Connectors are {kib} services or third-party 
integrations that perform an action when the rule conditions are met or the 
alert is recovered. You can select in which case the action will run. For
example, you can choose a Slack connector and configure it to send a message to
a specific channel. Alternatively, you can create an index connector that 
writes the JSON object you configure to a specific index.

After you select a connector, you must set the action frequency. Options include
running actions at each check interval, only when the alert status changes, or
at a custom action interval. For this particular type of rule, you can run
actions when an issue is detected and when it is recovered. An alert remains
active as long as the configured conditions are met during the check interval.
When there is no matching condition in the next interval, the `Recovered` action
group is invoked and the status of the alert changes to `OK`.

It's also possible to customize the notification messages for each action. A
list of variables is available to include in the message, like {transform} ID,
description, {transform} state, and so on.

[role="screenshot"]
image::images/transform-alert-actions.png["Selecting connector type"]
// NOTE: This is screenshot is automatically generated. Do not edit it directly.

After you save the configurations, the rule appears in the *{rules-ui}* list 
where you can check its status and see the overview of its configuration 
information.

The name of an alert is always the same as the {transform} ID of the associated 
{transform} that triggered it. You can mute the notifications for a particular 
{transform} on the page of the rule that lists the individual alerts. You can 
open it via *{rules-ui}* by selecting the rule name.