maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
kibana/docs/user/alerting/action-types/index.asciidoc
ymao1 71ed148cfe
[Alerting] Preconfigured alert history index connector (#94909) 
* Adding preconfigured alert history index

* Adding functions to build alert history document

* Adding functions to build alert history document

* Moving index template creation to plugin start

* Adding unit tests

* Adding unit tests

* Adding unit tests

* Simplifying

* Revert "Merge branch 'master' of https://github.com/elastic/kibana into alerting/default-es-index-schema"

This reverts commit 957c333aa4, reversing
changes made to 4b1b78761e.

* Reverting some changes

* Reverting some changes

* Adding index override

* Updating UI with index override

* Only allow indexOverride for preconfigured alert history connector

* Handling preconfigured connector id clashes

* Cleanup

* UI unit tests

* Fixing default schema shown in UI

* Fixing functional tests

* Adding functional test

* Fixing functional tests

* Adding docs and link to docs

* Adding config to docker allowlist

* Fixing wrong typescript operator

* Changing default for config to false

* Cleanup

* Adding note about index privileges to docs

* Fixing i18n

* PR fixes

* PR fixes

* PR fixes

* PR fixes - wording

* PR fixes

* Fixing unit and functional tests

* Fixing types check

* ES -> Elasticsearch

* Moving files

* Adding kibana- to beginning of prefix

* Namespacing alert data within schema with kibana

* Fix i18n

* Updating docs

* Fixing unit tests

* Fixing doc links

* Fixing types check

* PR fixes

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-04-08 18:18:44 -04:00

119 lines
4.1 KiB
Plaintext
Raw Blame History

[role="xpack"]
[[index-action-type]]
=== Index connector and action
++++
<titleabbrev>Index</titleabbrev>
++++
The index connector will index a document into {es}. See also the {ref}/indices-create-index.html[create index API].
[float]
[[index-connector-configuration]]
==== Connector configuration
Index connectors have the following configuration properties.
Name:: The name of the connector. The name is used to identify a connector in the management UI connector listing, or in the connector list when configuring an action.
Index:: The {es} index to be written to.
Refresh:: Setting for the {ref}/docs-refresh.html[refresh] policy for the write request.
Execution time field:: This field will be automatically set to the time the alert condition was detected.
[float]
[[Preconfigured-index-configuration]]
==== Preconfigured connector type
[source,text]
--
my-index:
name: preconfigured-index-connector-type
actionTypeId: .index
config:
index: .kibana
refresh: true
executionTimeField: somedate
--
Config defines information for the connector type.
`index`:: A string that corresponds to *Index*.
`refresh`:: A boolean that corresponds to *Refresh*. Defaults to `false`.
`executionTimeField`:: A string that corresponds to *Execution time field*.
[float]
[[index-action-configuration]]
==== Action configuration
Index actions have the following properties.
Document:: The document to index in JSON format.
[float]
[[index-action-example]]
==== Example
Example of the index document for Index Threshold rule:
[source,text]
--------------------------------------------------
{
"rule_id": "{{ruleId}}",
"rule_name": "{{ruleName}}",
"alert_id": "{{alertId}}",
"context_message": "{{context.message}}"
}
--------------------------------------------------
Example of creating a test index using the API.
[source,text]
--------------------------------------------------
PUT test
{
"settings" : {
"number_of_shards" : 1
},
"mappings" : {
"properties" : {
"rule_id" : { "type" : "text" },
"rule_name" : { "type" : "text" },
"alert_id" : { "type" : "text" },
"context_message": { "type" : "text" }
}
}
}
--------------------------------------------------
[float]
[[preconfigured-connector-alert-history]]
=== Alert history {es} index connector
experimental[] {kib} offers a preconfigured index connector to facilitate indexing active alert data into {es}.
[WARNING]
==================================================
This functionality is experimental and may be changed or removed completely in a future release.
==================================================
To use this connector, set the <<action-settings, `xpack.actions.preconfiguredAlertHistoryEsIndex`>> configuration to `true`.
```js
xpack.actions.preconfiguredAlertHistoryEsIndex: true
```
When creating a new rule, add an <<index-action-type, Index action>> and select the `Alert history Elasticsearch index (preconfigured)` connector.
[role="screenshot"]
image::images/pre-configured-alert-history-connector.png[Select pre-configured alert history connectors]
Documents are indexed using a preconfigured schema that captures the <<defining-alerts-actions-variables, action variables>> available for the rule. By default, these documents are indexed into the `kibana-alert-history-default` index, but you can specify a different index. Index names must start with `kibana-alert-history-` to take advantage of the preconfigured alert history index template.
[IMPORTANT]
==============================================
To write documents to the preconfigured index, you must have `all` or `write` privileges to the `kibana-alert-history-*` indices. Refer to <<xpack-kibana-role-management>> for more information.
==============================================
[NOTE]
==================================================
The `kibana-alert-history-*` indices are not configured to use ILM so they must be maintained manually. If the index size grows large,
consider using the {ref}/docs-delete-by-query.html[delete by query] API to clean up older documents in the index.
==================================================
Reference in a new issue View git blame Copy permalink