71ed148cfe
* Adding preconfigured alert history index * Adding functions to build alert history document * Adding functions to build alert history document * Moving index template creation to plugin start * Adding unit tests * Adding unit tests * Adding unit tests * Simplifying * Revert "Merge branch 'master' of https://github.com/elastic/kibana into alerting/default-es-index-schema" This reverts commit957c333aa4, reversing changes made to4b1b78761e. * Reverting some changes * Reverting some changes * Adding index override * Updating UI with index override * Only allow indexOverride for preconfigured alert history connector * Handling preconfigured connector id clashes * Cleanup * UI unit tests * Fixing default schema shown in UI * Fixing functional tests * Adding functional test * Fixing functional tests * Adding docs and link to docs * Adding config to docker allowlist * Fixing wrong typescript operator * Changing default for config to false * Cleanup * Adding note about index privileges to docs * Fixing i18n * PR fixes * PR fixes * PR fixes * PR fixes - wording * PR fixes * Fixing unit and functional tests * Fixing types check * ES -> Elasticsearch * Moving files * Adding kibana- to beginning of prefix * Namespacing alert data within schema with kibana * Fix i18n * Updating docs * Fixing unit tests * Fixing doc links * Fixing types check * PR fixes Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
97 lines
5.8 KiB
Text
97 lines
5.8 KiB
Text
[role="xpack"]
|
|
[[alert-action-settings-kb]]
|
|
=== Alerting and action settings in {kib}
|
|
++++
|
|
<titleabbrev>Alerting and action settings</titleabbrev>
|
|
++++
|
|
|
|
Alerts and actions are enabled by default in {kib}, but require you configure the following in order to use them:
|
|
|
|
. <<using-kibana-with-security,Set up {kib} to work with {stack} {security-features}>>.
|
|
. <<configuring-tls-kib-es,Set up TLS encryption between {kib} and {es}>>.
|
|
. If you are using an *on-premises* Elastic Stack deployment, <<general-alert-action-settings,specify a value for `xpack.encryptedSavedObjects.encryptionKey`>>.
|
|
|
|
You can configure the following settings in the `kibana.yml` file.
|
|
|
|
|
|
[float]
|
|
[[general-alert-action-settings]]
|
|
==== General settings
|
|
|
|
[cols="2*<"]
|
|
|===
|
|
|
|
| `xpack.encryptedSavedObjects`
|
|
`.encryptionKey`
|
|
| A string of 32 or more characters used to encrypt sensitive properties on alerting rules and actions before they're stored in {es}. Third party credentials — such as the username and password used to connect to an SMTP service — are an example of encrypted properties. +
|
|
+
|
|
{kib} offers a <<kibana-encryption-keys, CLI tool>> to help generate this encryption key. +
|
|
+
|
|
If not set, {kib} will generate a random key on startup, but all alerting and action functions will be blocked. Generated keys are not allowed for alerting and actions because when a new key is generated on restart, existing encrypted data becomes inaccessible. For the same reason, alerting and actions in high-availability deployments of {kib} will behave unexpectedly if the key isn't the same on all instances of {kib}. +
|
|
+
|
|
Although the key can be specified in clear text in `kibana.yml`, it's recommended to store this key securely in the <<secure-settings,{kib} Keystore>>.
|
|
Be sure to back up the encryption key value somewhere safe, as your alerting rules and actions will cease to function due to decryption failures should you lose it. If you want to rotate the encryption key, be sure to follow the instructions on <<encryption-key-rotation, encryption key rotation>>.
|
|
|
|
|===
|
|
|
|
[float]
|
|
[[action-settings]]
|
|
==== Action settings
|
|
|
|
[cols="2*<"]
|
|
|===
|
|
| `xpack.actions.enabled`
|
|
| Feature toggle that enables Actions in {kib}. Defaults to `true`.
|
|
|
|
| `xpack.actions.allowedHosts` {ess-icon}
|
|
| A list of hostnames that {kib} is allowed to connect to when built-in actions are triggered. It defaults to `[*]`, allowing any host, but keep in mind the potential for SSRF attacks when hosts are not explicitly added to the allowed hosts. An empty list `[]` can be used to block built-in actions from making any external connections. +
|
|
+
|
|
Note that hosts associated with built-in actions, such as Slack and PagerDuty, are not automatically added to allowed hosts. If you are not using the default `[*]` setting, you must ensure that the corresponding endpoints are added to the allowed hosts as well.
|
|
|
|
| `xpack.actions.enabledActionTypes` {ess-icon}
|
|
| A list of action types that are enabled. It defaults to `[*]`, enabling all types. The names for built-in {kib} action types are prefixed with a `.` and include: `.server-log`, `.slack`, `.email`, `.index`, `.pagerduty`, and `.webhook`. An empty list `[]` will disable all action types. +
|
|
+
|
|
Disabled action types will not appear as an option when creating new connectors, but existing connectors and actions of that type will remain in {kib} and will not function.
|
|
|
|
| `xpack.actions`
|
|
`.preconfiguredAlertHistoryEsIndex` {ess-icon}
|
|
| Enables a preconfigured alert history {es} <<index-action-type, Index>> connector. Defaults to `false`.
|
|
|
|
| `xpack.actions.preconfigured`
|
|
| Specifies preconfigured connector IDs and configs. Defaults to {}.
|
|
|
|
| `xpack.actions.proxyUrl` {ess-icon}
|
|
| Specifies the proxy URL to use, if using a proxy for actions. By default, no proxy is used.
|
|
|
|
| `xpack.actions.proxyBypassHosts` {ess-icon}
|
|
| Specifies hostnames which should not use the proxy, if using a proxy for actions. The value is an array of hostnames as strings. By default, all hosts will use the proxy, but if an action's hostname is in this list, the proxy will not be used. The settings `xpack.actions.proxyBypassHosts` and `xpack.actions.proxyOnlyHosts` cannot be used at the same time.
|
|
|
|
| `xpack.actions.proxyOnlyHosts` {ess-icon}
|
|
| Specifies hostnames which should only use the proxy, if using a proxy for actions. The value is an array of hostnames as strings. By default, no hosts will use the proxy, but if an action's hostname is in this list, the proxy will be used. The settings `xpack.actions.proxyBypassHosts` and `xpack.actions.proxyOnlyHosts` cannot be used at the same time.
|
|
|
|
| `xpack.actions.proxyHeaders` {ess-icon}
|
|
| Specifies HTTP headers for the proxy, if using a proxy for actions. Defaults to {}.
|
|
|
|
a|`xpack.actions.`
|
|
`proxyRejectUnauthorizedCertificates` {ess-icon}
|
|
| Set to `false` to bypass certificate validation for the proxy, if using a proxy for actions. Defaults to `true`.
|
|
|
|
| `xpack.actions.rejectUnauthorized` {ess-icon}
|
|
| Set to `false` to bypass certificate validation for actions. Defaults to `true`. +
|
|
+
|
|
As an alternative to setting both `xpack.actions.proxyRejectUnauthorizedCertificates` and `xpack.actions.rejectUnauthorized`, you can point the OS level environment variable `NODE_EXTRA_CA_CERTS` to a file that contains the root CAs needed to trust certificates.
|
|
|
|
| `xpack.actions.maxResponseContentLength` {ess-icon}
|
|
| Specifies the max number of bytes of the http response for requests to external resources. Defaults to 1000000 (1MB).
|
|
|
|
| `xpack.actions.responseTimeout` {ess-icon}
|
|
| Specifies the time allowed for requests to external resources. Requests that take longer are aborted. The time is formatted as <count>[ms|s|m|h|d|w|M|Y], for example, '20m', '24h', '7d', '1w'. Defaults to 60s.
|
|
|
|
|
|
|===
|
|
|
|
[float]
|
|
[[alert-settings]]
|
|
==== Alerting settings
|
|
|
|
You do not need to configure any additional settings to use alerting in {kib}.
|