mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 09:48:58 -04:00
Lisa Cawley
GitHub
parent
c223e52f50
commit
94085ed48d
10 changed files with 22 additions and 29 deletions
|
|
@ -45,7 +45,7 @@ If you have alerting rules that have been snoozed, do not upgrade {kib} from
|
|||
8.3.3 to 8.4.0. Upgrade to 8.4.1 instead.
|
||||
|
||||
To determine if you have snoozed alerting rules, open the main menu, then click
|
||||
**{stack-manage-app}** -> **{rules-ui}**. Filter the rule list by selecting
|
||||
**{stack-manage-app}** -> **{rac-ui}**. Filter the rule list by selecting
|
||||
**View** -> **Snoozed**. If you must upgrade to 8.4.0, for each space, cancel
|
||||
the snooze for all affected rules before you upgrade.
|
||||
|
||||
|
|
@ -194,7 +194,7 @@ If you have upgraded to 8.3.0 or 8.3.1, and your alerting rules fail, reset the
|
|||
|
||||
To disable, then re-enable your alerting rules:
|
||||
|
||||
. Open the main menu, then click *{stack-manage-app} > {rules-ui}*.
|
||||
. Open the main menu, then click *{stack-manage-app} > {rac-ui}*.
|
||||
|
||||
. Select the failed alerting rules.
|
||||
|
||||
|
|
@ -262,7 +262,7 @@ Alerting users who are running 8.2 should not upgrade to either 8.3.0 or 8.3.1.
|
|||
Both 8.3.0 and 8.3.1 have a bug where alerting rules that were created or edited
|
||||
in 8.2 will stop running on upgrade. If you have upgraded to 8.3.0 or 8.3.1 and
|
||||
your alerting rules have stopped running with an error similar to the following
|
||||
example, you will need to go to *{stack-manage-app} > {rules-ui}*, multi-select
|
||||
example, you will need to go to *{stack-manage-app} > {rac-ui}*, multi-select
|
||||
the failed rules, click on **Manage rules > Disable** and then click on
|
||||
**Manage rules > Enable**. Disabling and re-enabling the rule will generate a
|
||||
new API key using the credentials of the user performing these actions and reset
|
||||
|
|
@ -283,7 +283,7 @@ If you have alerting rules that have been snoozed, do not upgrade {kib} from
|
|||
8.3.3 to 8.4.0. Upgrade to 8.4.1 instead.
|
||||
|
||||
To determine if you have snoozed alerting rules, open the main menu, then click
|
||||
**{stack-manage-app}** -> **{rules-ui}**. Filter the rule list by selecting
|
||||
**{stack-manage-app}** -> **{rac-ui}**. Filter the rule list by selecting
|
||||
**View** -> **Snoozed**. If you must upgrade to 8.4.0, for each space, cancel
|
||||
the snooze for all affected rules before you upgrade.
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
[role="xpack"]
|
||||
[[action-types]]
|
||||
== Connectors
|
||||
|
||||
|
|
@ -80,7 +79,7 @@ Rules use *Connectors* to route actions to different destinations like log files
|
|||
For more information on connectors and the types of actions available see <<action-types>>.
|
||||
|
||||
[role="screenshot"]
|
||||
image::images/connector-listing.png[Example connector listing in the Rules and Connectors UI]
|
||||
image::images/connector-listing.png[Example connector listing in the {rac-ui} UI]
|
||||
|
||||
[float]
|
||||
=== Required permissions
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ appropriate {kib} feature privileges. Refer to <<setup-cases>>.
|
|||
[[create-case-connectors]]
|
||||
== Create connectors
|
||||
|
||||
You can create connectors in *Management > {stack-manage-app} > {rules-ui}*, as
|
||||
You can create connectors in *Management > {stack-manage-app} > {rac-ui}*, as
|
||||
described in <<action-types>>. Alternatively, you can create them in
|
||||
*Management > {stack-manage-app} > Cases*:
|
||||
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
Alerting allows you to define *rules* to detect complex conditions within different {kib} apps and trigger actions when those conditions are met. Alerting is integrated with {observability-guide}/create-alerts.html[*Observability*], {security-guide}/prebuilt-rules.html[*Security*], <<geo-alerting,*Maps*>> and {ml-docs}/ml-configuring-alerts.html[*{ml-app}*], can be centrally managed from the <<management,*Management*>> UI, and provides a set of built-in <<action-types, connectors>> and <<stack-rules, rules>> (known as stack rules) for you to use.
|
||||
|
||||
image::images/alerting-overview.png[Rules and Connectors UI]
|
||||
image::images/alerting-overview.png[{rac-ui} UI]
|
||||
|
||||
[IMPORTANT]
|
||||
==============================================
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
[role="xpack"]
|
||||
[[alerting-setup]]
|
||||
== Alerting set up
|
||||
++++
|
||||
|
|
@ -95,7 +94,7 @@ example, in the case of imported rules), it generates a new key that has your
|
|||
security privileges.
|
||||
|
||||
You can update an API key manually in
|
||||
**{stack-manage-app} > {rules-ui}** or in the rule details page by selecting
|
||||
**{stack-manage-app} > {rac-ui}** or in the rule details page by selecting
|
||||
**Update API key** in the actions menu.
|
||||
|
||||
[IMPORTANT]
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ and Task Manager <<task-manager-diagnosing-root-cause,diagnostics endpoints>>.
|
|||
[float]
|
||||
[[alerting-managment-detail]]
|
||||
=== Using rules and connectors list for the current state and finding issues
|
||||
*Rules and Connectors* in *Stack Management* lists the rules and connectors available in the space you’re currently in. When you click a rule name, you are navigated to the <<rule-details,details page>> for the rule, where you can see currently active alerts.
|
||||
*{rac-ui}* in *{stack-manage-app}* lists the rules and connectors available in the space you're currently in. When you click a rule name, you are navigated to the <<rule-details,details page>> for the rule, where you can see currently active alerts.
|
||||
The start date on this page indicates when a rule is triggered, and for what alerts. In addition, the duration of the condition indicates how long the instance is active.
|
||||
[role="screenshot"]
|
||||
image::images/rule-details-alerts-inactive.png[Alerting management details]
|
||||
|
|
@ -62,7 +62,7 @@ curl -X POST -k \
|
|||
-d '{"params":{"subject":"hallo","message":"hallo!","to":["me@example.com"]}}'
|
||||
--------------------------------------------------
|
||||
|
||||
experimental[] In addition, there is a command-line client that uses legacy Rules and Connectors APIs, which can be easier to use, but must be updated for the new APIs.
|
||||
experimental[] In addition, there is a command-line client that uses legacy rules and connectors APIs, which can be easier to use, but must be updated for the new APIs.
|
||||
CLI tools to list, create, edit, and delete alerts (rules) and actions (connectors) are available in https://github.com/pmuellr/kbn-action[kbn-action], which you can install as follows:
|
||||
[source, txt]
|
||||
--------------------------------------------------
|
||||
|
|
@ -92,8 +92,8 @@ image::images/rules-details-health.png[Rule details page with the errors banner]
|
|||
[[task-manager-diagnostics]]
|
||||
=== Task Manager diagnostics
|
||||
|
||||
Under the hood, {rules-ui} uses a plugin called Task Manager, which handles the scheduling, running, and error handling of the tasks.
|
||||
This means that failure cases in {rules-ui} will, at times, be revealed by the Task Manager mechanism, rather than the Rules mechanism.
|
||||
Under the hood, the {alert-features} use a plugin called Task Manager, which handles the scheduling, running, and error handling of the tasks.
|
||||
This means that failure cases in the {alert-features} will, at times, be revealed by the task manager mechanism, rather than the rules mechanism.
|
||||
|
||||
Task Manager provides a visible status which can be used to diagnose issues and is very well documented <<task-manager-health-monitoring,health monitoring>> and <<task-manager-troubleshooting,troubleshooting>>.
|
||||
Task Manager uses the `.kibana_task_manager` index, an internal index that contains all the saved objects that represent the tasks in the system.
|
||||
|
|
@ -203,7 +203,7 @@ the {kib} {alert-features}.
|
|||
==== Alert visibility
|
||||
|
||||
If you create a rule in the {observability} or {security-app}, its alerts are
|
||||
not visible in *{stack-manage-app} > {rules-ui}*. You can view them only in the
|
||||
not visible in *{stack-manage-app} > {rac-ui}*. You can view them only in the
|
||||
{kib} app where you created the rule. If you use the
|
||||
<<create-rule-api,create rule API>>, the visibility of the alerts is related to
|
||||
the `consumer` property.
|
||||
|
|
|
|||
|
|
@ -1,15 +1,14 @@
|
|||
[role="xpack"]
|
||||
[[create-and-manage-rules]]
|
||||
== Create and manage rules
|
||||
|
||||
The *Rules* UI provides a cross-app view of alerting. Different {kib} apps like {observability-guide}/create-alerts.html[*Observability*], {security-guide}/prebuilt-rules.html[*Security*], <<geo-alerting, *Maps*>> and <<xpack-ml, *Machine Learning*>> can offer their own rules. The *Rules* UI provides a central place to:
|
||||
The *{stack-manage-app}* > *{rac-ui}* UI provides a cross-app view of alerting. Different {kib} apps like {observability-guide}/create-alerts.html[*{observability}*], {security-guide}/prebuilt-rules.html[*Security*], <<geo-alerting, *Maps*>> and <<xpack-ml,*{ml-app}*>> can offer their own rules. The *{rac-ui}* UI provides a central place to:
|
||||
|
||||
* <<create-edit-rules, Create and edit>> rules
|
||||
* <<controlling-rules, Manage rules>> including enabling/disabling, muting/unmuting, and deleting
|
||||
* Drill-down to <<rule-details, rule details>>
|
||||
|
||||
[role="screenshot"]
|
||||
image:images/rules-and-connectors-ui.png[Example rule listing in the Rules and Connectors UI]
|
||||
image:images/rules-and-connectors-ui.png[Example rule listing in {rac-ui}]
|
||||
|
||||
For more information on alerting concepts and the types of rules and connectors available, see <<alerting-getting-started>>.
|
||||
|
||||
|
|
@ -22,7 +21,7 @@ Access to rules is granted based on your privileges to alerting-enabled features
|
|||
[[create-edit-rules]]
|
||||
=== Create and edit rules
|
||||
|
||||
Many rules must be created within the context of a {kib} app like <<metrics-app, Metrics>>, <<xpack-apm, APM>>, or <<uptime-app, Uptime>>, but others are generic. Generic rule types can be created in the *Rules* management UI by clicking the *Create* button. This will launch a flyout that guides you through selecting a rule type and configuring its conditions and action type. Refer to <<stack-rules, Stack rules>> for details on what types of rules are available and how to configure them.
|
||||
Many rules must be created within the context of a {kib} app like <<metrics-app,Metrics>>, <<xpack-apm,APM>>, or <<uptime-app,Uptime>>, but others are generic. Generic rule types can be created in the *{rac-ui}* UI by clicking the *Create* button. This will launch a flyout that guides you through selecting a rule type and configuring its conditions and action type. Refer to <<stack-rules,Stack rules>> for details on what types of rules are available and how to configure them.
|
||||
|
||||
After a rule is created, you can re-open the flyout and change a rule's properties by clicking the *Edit* button shown on each row of the rule listing.
|
||||
|
||||
|
|
|
|||
|
|
@ -1,9 +1,8 @@
|
|||
[role="xpack"]
|
||||
[[rule-types]]
|
||||
== Rule types
|
||||
|
||||
A rule is a set of <<alerting-concepts-conditions, conditions>>, <<alerting-concepts-scheduling, schedules>>, and <<alerting-concepts-actions, actions>> that enable notifications. {kib} provides rules built into the Elastic Stack and rules registered by one of the {kib} apps.
|
||||
You can create most rules types in <<create-and-manage-rules,Stack Management > Rules and Connectors>>. For information on creating security rules, refer to {security-guide}/rules-ui-create.html[Create a detection rule].
|
||||
A rule is a set of <<alerting-concepts-conditions,conditions>>, <<alerting-concepts-scheduling,schedules>>, and <<alerting-concepts-actions,actions>> that enable notifications. {kib} provides rules built into the Elastic Stack and rules registered by one of the {kib} apps.
|
||||
You can create most rules types in <<create-and-manage-rules,{stack-manage-app} > {rac-ui}>>. For information on creating security rules, refer to {security-guide}/rules-ui-create.html[Create a detection rule].
|
||||
|
||||
[NOTE]
|
||||
==============================================
|
||||
|
|
@ -44,7 +43,7 @@ Observability rules are categorized into APM and User Experience, Logs, Metrics,
|
|||
[NOTE]
|
||||
==============================================
|
||||
If you create a rule in the {observability} app, its alerts are not visible in
|
||||
*{stack-manage-app} > {rules-ui}*. They are visible only in the {observability} app.
|
||||
*{stack-manage-app} > {rac-ui}*. They are visible only in the {observability} app.
|
||||
==============================================
|
||||
|
||||
[cols="2*<"]
|
||||
|
|
@ -83,7 +82,7 @@ Security rules detect suspicious source events with pre-built or custom rules an
|
|||
[NOTE]
|
||||
==============================================
|
||||
Alerts associated with security rules are visible only in the {security-app};
|
||||
they are not visible in *{stack-manage-app} > {rules-ui}*.
|
||||
they are not visible in *{stack-manage-app} > {rac-ui}*.
|
||||
==============================================
|
||||
|
||||
include::rule-types/index-threshold.asciidoc[]
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
[role="xpack"]
|
||||
[[alerting-common-issues]]
|
||||
=== Common Issues
|
||||
|
||||
|
|
@ -284,6 +283,6 @@ to 8.3.0 or 8.3.1. The following error occurs:
|
|||
*Solution*:
|
||||
|
||||
Upgrade to 8.3.2 or later releases to avoid the problem. To fix failing rules,
|
||||
go to *{stack-manage-app} > {rules-ui}* and generate new API keys by selecting
|
||||
go to *{stack-manage-app} > {rac-ui}* and generate new API keys by selecting
|
||||
**Update API key** from the actions menu. For more details about API key
|
||||
authorization, refer to <<alerting-authorization>>.
|
||||
|
|
|
|||
|
|
@ -1,9 +1,7 @@
|
|||
[role="xpack"]
|
||||
[[testing-connectors]]
|
||||
=== Test connectors
|
||||
|
||||
|
||||
By using Kibana Management UI you can test a newly created Connector by navigating to the Test tab of Connector Edit flyout or by clicking "Save & test" button on Create flyout:
|
||||
In *{stack-manage-app} > {rac-ui}*, you can test a newly created Connector by navigating to the Test tab of Connector Edit flyout or by clicking "Save & test" button on Create flyout:
|
||||
[role="screenshot"]
|
||||
image::user/alerting/images/connector-save-and-test.png[Rule management page with the errors banner]
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue