[DOCS] Conditional actions in Kibana alerting summary (#158045)

Lisa Cawley 2023-05-23 10:50:17 -07:00 committed by GitHub
parent 1b71d2ca3c
commit c5a1d6b5f4
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 0 deletions

@ -77,6 +77,9 @@ Rather than repeatedly entering connection information and credentials for each
The _action frequency_ defines when the action runs (for example, only when the alert status changes or at specific time intervals). Each rule type also has a set of the _action groups_ that affects when the action runs (for example, when the threshold is met or when the alert is recovered). If you want to reduce the number of notifications you receive without affecting their timeliness, some rule types support alert summaries. You can set the action frequency such that you receive notifications that summarize the new, ongoing, and recovered alerts at your preferred time intervals.
Some types of rules enable you to further refine the conditions under which actions run.
For example, you can specify that actions run only when an alert occurs within a specific time frame or when it matches a KQL query.
Each action definition is therefore a template: all the parameters needed to invoke a service are supplied except for specific values that are only known at the time the rule condition is detected.
In the server monitoring example, the `email` connector type is used, and `server` is mapped to the body of the email, using the template string `CPU on {{server}} is high`.
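
Review bot: The added sentence "Some types of rules enable you to further refine the conditions under which actions run" does not say which rule types, or where a reader can find out; name them or link to the page that lists them. The sentence after it should also state what happens to an alert that falls outside the time frame or does not match the KQL query. As written, a reader cannot tell whether only the action is skipped or the alert itself is dropped, which matters to anyone who relies on these notifications for monitoring. "KQL" is also used here without expansion or a link.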

@ -81,6 +81,9 @@ Alternatively, you can set the action frequency such that the action runs for ea
image::images/rule-flyout-action-details.png[UI for defining an email action,500]
// NOTE: This is an autogenerated screenshot. Do not edit it directly.
If you create rules in the {security-app}, you can further refine when actions run by adding time frame and query filters.
For more details, refer to {security-guide}/rules-ui-create.html[Create a detection rule].
Each connector enables different action properties. For example, an email connector enables you to set the recipients, the subject, and a message body in markdown format. For more information about connectors, refer to <<action-types>>.
[[alerting-concepts-suppressing-duplicate-notifications]]
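
Review bot: The two added lines sit between the email action screenshot (with its autogenerated-screenshot comment) and the paragraph "Each connector enables different action properties", which is the text that describes what the screenshot shows; consider moving the new paragraph after the connector paragraph or before the image. The wording here limits the filters to rules created in the {security-app}, while the companion change in the other file says "Some types of rules"; align the two so the scope reads the same in both places. The link text "Create a detection rule" targets the whole page rather than the part that covers time frame and query filters; if that section has an anchor, link to it directly.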