elasticsearch/docs/reference/transform/transform-alerts.asciidoc

[[transform-alerts]]
= Generating alerts for {transforms}
:frontmatter-description: Create {transform} health rules.
:frontmatter-tags-products: [alerting]
:frontmatter-tags-content-type: [how-to]
:frontmatter-tags-user-goals: [configure]

{kib} {alert-features} include support for {transform} health rules, which 
check the health of {ctransforms} with certain conditions. If the conditions of
the rule are met, an alert is created and the associated actions run. For 
example, you can create a rule to check if a {ctransform} is started and to 
notify you in an email if it is not. To learn more about {kib} {alert-features}, 
refer to 
{kibana-ref}/alerting-getting-started.html#alerting-getting-started[Alerting].

[[creating-transform-rules]]
== Creating a rule

You can create {transform} rules under **{stack-manage-app} > {rules-ui}**.

On the *Create rule* window, give a name to the rule and optionally provide 
tags. Select the {transform} health rule type:

[role="screenshot"]
image::images/transform-rule.png["Creating a transform health rule",500]
// NOTE: This is screenshot is automatically generated. Do not edit it directly.

Select the {transform} or {transforms} to include. You can also use a special 
character (`*`) to apply the rule to all your {transforms}. {transforms-cap} 
created after the rule are automatically included.

The following health checks are available and enabled by default:

_{transform-cap} is not started_:: 
  Notifies if the corresponding {transforms} is not started or it does not index 
  any data. The notification message recommends the necessary actions to solve 
  the error.

_Errors in {transform} messages_:: 
  Notifies if {transform} messages contain errors.

[role="screenshot"]
image::images/transform-check-config.png["Selecting health check",500]
// NOTE: This is screenshot is automatically generated. Do not edit it directly.

As the last step in the rule creation process, define its actions.
  
[[defining-actions]]
== Defining actions

You can add one or more actions to your rule to generate notifications when its
conditions are met and when they are no longer met. In particular, this rule
type supports:

* alert summaries
* actions that run when an issue is detected
* recovery actions that run when the rule conditions are no longer met

For each action, you must choose a connector, which provides connection
information for a {kib} service or third party integration. For more information
about all the supported connectors, go to
{kibana-ref}/action-types.html[Connectors].

After you select a connector, you must set the action frequency. You can choose
to create a summary of alerts on each check interval or on a custom interval.
For example, send notifications that summarize the new, ongoing, and recovered
alerts:

[role="screenshot"]
image::images/transform-alert-summary-actions.png["Setting action frequency to summary of alerts",500]
// NOTE: This is screenshot is automatically generated. Do not edit it directly.

TIP: If you choose a custom action interval, it cannot be shorter than the
rule's check interval.

Alternatively, you can set the action frequency such that actions run for each
alert. Choose how often the action runs (at each check interval, only when the
alert status changes, or at a custom action interval). You must also choose an
action group, which indicates whether the action runs when the issue is detected
or when it is recovered.

You can further refine the conditions under which actions run by specifying that
actions only run when they match a KQL query or when an alert occurs within a
specific time frame.

There is a set of variables that you can use to customize the notification
messages for each action. Click the icon above the message text box to get the
list of variables or refer to <<transform-action-variables>>.

[role="screenshot"]
image::images/transform-alert-actions.png["Selecting action variables",500]
// NOTE: This is screenshot is automatically generated. Do not edit it directly.

After you save the configurations, the rule appears in the *{rules-ui}* list 
where you can check its status and see the overview of its configuration 
information.

The name of an alert is always the same as the {transform} ID of the associated 
{transform} that triggered it. You can mute the notifications for a particular 
{transform} on the page of the rule that lists the individual alerts. You can 
open it via *{rules-ui}* by selecting the rule name.

[[transform-action-variables]]
== Action variables

The following variables are specific to the {transform} health rule type.
You can also specify {kibana-ref}/rule-action-variables.html[variables common to all rules].

`context.message`::
A preconstructed message for the rule. For example: `Transform test-1 is not started.`

`context.results`::
The most recent results, which you can iterate over by using the 
https://mustache.github.io/[Mustache] template array syntax. For example, the
message in an email connector action might contain:
+
--
[source,sh]
--------------------------------------------------
[{{rule.name}}] Transform health check result:
{{context.message}}
{{#context.results}}
  Transform ID: {{transform_id}}
  {{#description}}Transform description: {{description}}
  {{/description}}{{#transform_state}}Transform state: {{transform_state}}
  {{/transform_state}}{{#health_status}}Transform health status: {{health_status}}
  {{/health_status}}{{#issues}}Issue: {{issue}}
  Issue count: {{count}}
  {{#details}}Issue details: {{details}}
  {{/details}}{{#first_occurrence}}First occurrence: {{first_occurrence}}
  {{/first_occurrence}}
  {{/issues}}{{#failure_reason}}Failure reason: {{failure_reason}}
  {{/failure_reason}}{{#notification_message}}Notification message: {{notification_message}}
  {{/notification_message}}{{#node_name}}Node name: {{node_name}}
  {{/node_name}}{{#timestamp}}Timestamp: {{timestamp}}
  {{/timestamp}}
{{/context.results}}
--------------------------------------------------
--

For more examples, refer to
{kibana-ref}/rule-action-variables.html[Rule action variables].