8.1: First Alert

Objective:

In this lab, you will learn how to create a simple index threshold rule using Kibana Alerting, and how to attach an email action to it through a connector.

  1. First, open Stack Management (main menu > Management > Stack Management), where you will find the Alerts and Insights section.

  2. Next, click Rules under the Alerts and Insights section.

  3. There aren't any rules created yet, so let's click Create rule.

  4. Name your rule "My first rule" in the Create rule panel that opens on the side.

  5. Select Index threshold as the rule type. You can either scroll down through the available options or use the integrated search bar.

  6. Now, configure your rule with the following settings:

    • set Index to kibana_sample_data_logs and Time field to @timestamp
    • leave the default aggregation (count() over all documents)
    • set IS ABOVE to 5
    • set FOR THE LAST to 30 minutes
    • set Check every to 5 minutes
      The panel also shows a preview of the documents in the selected index, so you can confirm the index and time field before saving.
  7. Finally, configure the Action. This section defines what happens when the rule conditions are met. Your lab is configured with a predefined Email connector, so click Email and then select the preconfigured Demo emails connector.

  8. Set your email address in the To field and provide a subject in the Subject field.

  9. Leave the rest as it is and click Add action.

  10. Click Save to save your first rule.

  11. Now that your rule is created, you can verify its status on the Rules page.

  12. Wait until the Last response column shows Active, then check your inbox for the notification email. Note that the comparator is strictly "above": a window containing exactly 5 documents does not trigger the rule, so the response stays OK and no email is sent until a check finds more than 5 documents in the last 30 minutes.
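The same rule can be created without the UI through the Kibana Alerting API, which is how you would keep rules under version control. The following is an added example, not part of the lab or of Kibana itself: it builds the request body that corresponds to the settings above, posts it with the mandatory kbn-xsrf header and an API key, and models the threshold check locally on constructed timestamps so the "is above" semantics can be verified offline. The Kibana URL, the API key and the connector id "demo-emails" are assumptions (preconfigured connector ids come from xpack.actions.preconfigured in kibana.yml); replace them with your lab's values.

```python
"""Create the lab's index threshold rule via the Kibana Alerting API and
reproduce its threshold evaluation locally (added example, not lab code)."""
import json
import urllib.request
from datetime import datetime, timedelta, timezone

KIBANA_URL = "http://localhost:5601"   # assumption: local Kibana instance
CONNECTOR_ID = "demo-emails"           # assumption: id of the preconfigured "Demo emails" connector


def build_index_threshold_rule(to_address, subject, connector_id=CONNECTOR_ID):
    """Return the JSON body for POST /api/alerting/rule matching the lab's UI settings."""
    return {
        "name": "My first rule",
        "rule_type_id": ".index-threshold",
        "consumer": "alerts",
        "schedule": {"interval": "5m"},      # "Check every" 5 minutes
        # Notification policy; some Kibana 8.x releases expect this per action
        # (actions[].frequency) instead of at rule level.
        "notify_when": "onActiveAlert",
        "params": {
            "index": ["kibana_sample_data_logs"],
            "timeField": "@timestamp",
            "aggType": "count",              # WHEN count()
            "groupBy": "all",                # OVER all documents
            "thresholdComparator": ">",      # IS ABOVE (strict)
            "threshold": [5],
            "timeWindowSize": 30,            # FOR THE LAST 30 minutes
            "timeWindowUnit": "m",
        },
        "actions": [{
            "group": "threshold met",        # the index threshold rule's action group
            "id": connector_id,
            "params": {
                "to": [to_address],
                "subject": subject,
                "message": "Rule {{rule.name}} is active: {{context.message}}",
            },
        }],
    }


def create_rule(body, api_key, base_url=KIBANA_URL):
    """POST the rule. Kibana rejects write requests without the kbn-xsrf header;
    an API key avoids putting user credentials in scripts."""
    req = urllib.request.Request(
        f"{base_url}/api/alerting/rule",
        data=json.dumps(body).encode(),
        headers={
            "Content-Type": "application/json",
            "kbn-xsrf": "true",
            "Authorization": f"ApiKey {api_key}",
        },
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def threshold_met(timestamps, now, window_minutes=30, threshold=5):
    """Local model of the rule: count documents whose @timestamp lies in
    (now - window, now] and apply the strict "is above" comparator.
    Returns (condition_met, count)."""
    start = now - timedelta(minutes=window_minutes)
    count = sum(1 for t in timestamps if start < t <= now)
    return count > threshold, count


# Constructed sample timestamps relative to a fixed "now" (not real index data).
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)


def sample_timestamps(minutes_ago):
    """Build document timestamps that are the given numbers of minutes before SAMPLE_NOW."""
    return [SAMPLE_NOW - timedelta(minutes=m) for m in minutes_ago]


if __name__ == "__main__":
    print(json.dumps(build_index_threshold_rule("you@example.com", "Lab alert"), indent=2))
    # Six documents in the window: fires. Five: does not (5 is not above 5).
    print(threshold_met(sample_timestamps(range(6)), SAMPLE_NOW))
    print(threshold_met(sample_timestamps(range(5)), SAMPLE_NOW))
    # To actually create the rule: create_rule(body, api_key="<your API key>")
```

The local model is only a sanity check on the comparator and window; the real evaluation is a date-range query run by Kibana's task manager on the schedule interval, so a document indexed after a check only counts at the next run.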

Summary:

In this lab, you created a simple index threshold rule that notifies you whenever the number of documents in an index exceeds a threshold within a time window, and you used a preconfigured email connector to deliver the alert.