Hi Keep team,
I'm currently looking into integrating our Elastic Stack with Keep for centralizing our alert management. I would like to ask for best practices or standard ways to achieve the following:
Kibana Alerts: According to the documentation, there is a Kibana Provider which allows Keep to receive alerts via Webhooks. Could you provide an example or guidance on how to configure the Webhook connector inside Kibana to correctly format and stream alerts into Keep?
Elastic Logs: We also want to utilize the Elastic Provider to query and create alerts directly from log data inside specific Elasticsearch indices. Are there any recommended workflow templates (like create_alerts_from_elastic.yml) that we can look into for scheduling log-based alerting via Keep workflows?
Architecture Confirmation:
Just to confirm my understanding of the architecture:
Is it correct that Kibana Alerting works exclusively as a Push mechanism (requiring a Webhook connector configured in Kibana to send data to Keep, as the Kibana provider cannot be used as a step/action)?
On the other hand, fetching Elastic Logs works as a Pull mechanism (where Keep acts as a client, routinely calling the Elasticsearch API to query index data via workflows)?
Any examples, sample YAML workflows, or tips regarding the required API key permissions for both Elastic and Kibana would be greatly appreciated!
Thanks in advance!
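The pull path described in the post above, as an added example that is not part of the original post or of Keep's own Elastic provider: a builder for an Elasticsearch `_search` body (time-bounded filter plus a thresholded terms aggregation) and a mapper that turns each aggregation bucket into an alert payload with a stable fingerprint for de-duplication. The Elasticsearch query DSL here is standard; the alert field names (`name`, `severity`, `fingerprint`, ...) are an assumption about Keep's generic alert shape and should be mapped to whatever your Keep version expects.

```python
"""Pull-style log alerting sketch (added example, not Keep's provider code).
The alert payload keys below are an ASSUMPTION about Keep's alert schema."""
import hashlib
import json
from typing import Any


def build_search_body(minutes: int, event_field: str, event_value: str,
                      group_by: str, min_count: int) -> dict[str, Any]:
    """Body for Elasticsearch `_search`: events where event_field == event_value
    in the last `minutes`, bucketed by `group_by`; buckets below `min_count`
    are dropped server-side, so min_count is the alert threshold."""
    return {
        "size": 0,  # aggregation only, no raw hits needed
        "query": {"bool": {"filter": [
            {"term": {event_field: event_value}},
            {"range": {"@timestamp": {"gte": f"now-{minutes}m"}}},
        ]}},
        "aggs": {"by_key": {"terms": {"field": group_by, "min_doc_count": min_count}}},
    }


def buckets_to_alerts(response: dict[str, Any], group_by: str,
                      rule_name: str) -> list[dict[str, Any]]:
    """One alert per aggregation bucket. The fingerprint depends only on the rule
    and the bucket key, so a repeated pull updates the same alert instead of
    creating a duplicate."""
    alerts = []
    for bucket in response.get("aggregations", {}).get("by_key", {}).get("buckets", []):
        key, count = str(bucket["key"]), int(bucket["doc_count"])
        fp = hashlib.sha256(f"{rule_name}|{group_by}|{key}".encode()).hexdigest()[:16]
        alerts.append({
            "name": rule_name,
            "description": f"{count} matching events for {group_by}={key}",
            "severity": "high" if count >= 100 else "warning",
            "status": "firing",
            "source": ["elastic"],
            "fingerprint": fp,
            "labels": {group_by: key, "count": count},
        })
    return alerts


# Constructed sample response, shaped like an Elasticsearch terms-aggregation result.
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 130}},
    "aggregations": {"by_key": {"buckets": [
        {"key": "203.0.113.7", "doc_count": 120},
        {"key": "198.51.100.9", "doc_count": 10},
    ]}},
}

if __name__ == "__main__":
    print(json.dumps(build_search_body(10, "event.outcome", "failure", "source.ip", 10), indent=2))
    for alert in buckets_to_alerts(SAMPLE_RESPONSE, "source.ip", "auth-failure-burst"):
        print(json.dumps(alert))
```

The Elasticsearch API key used for this pull needs only `read` (and `view_index_metadata`) on the queried index pattern, which is the least-privilege scope to ask for when creating it.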