Kibana version 8.11.3 has its own alerts, can this software simply monitor an index and alert? #1351
-
I am sorry if this has been asked a million times. I am not sure what terms to use to search for it. I see that this software can make its own rules for alerting and push those alerts into Elasticsearch. I do not need that since self-hosted Kibana with a basic license allows alerts as long as the output is a log file or an index. Is it possible to just monitor an index and alert to the configured service in ElastAlert when a new item is in the index? I'm not sure if I am explaining this all very well.
Replies: 2 comments
-
ElastAlert 2 can query any index. So if Elasticsearch's own alerting system injects alert records into a dedicated alert index, and ElastAlert 2 has access to read that index, then yes, it can send out notifications when a new record arrives in that index.
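An ElastAlert 2 rule that does what the answer above describes, added here as an example rather than taken from the discussion or the ElastAlert 2 project. It assumes the Kibana alerts land in an index matching `.alerts-security.alerts-*` with the `kibana.alert.*` fields, that the ElastAlert 2 service account has read privileges on that index, and uses a placeholder Slack webhook URL.

```yaml
# Added example (not from the discussion): forward every new document that
# Kibana writes to its alert index to Slack, deduplicated per source rule.
name: Forward Kibana security alerts to Slack
type: any                              # every matching document is a hit

# Assumed index pattern; change it to wherever your Kibana alerts are stored.
index: ".alerts-security.alerts-*"
timestamp_field: "@timestamp"

# Only forward alerts nobody has acknowledged yet (assumed field name).
filter:
- term:
    kibana.alert.workflow_status: open

# Avoid alert storms: at most one notification per Kibana rule per hour.
query_key: kibana.alert.rule.name
realert:
  hours: 1

alert:
- slack
slack_webhook_url: "https://hooks.slack.com/services/PLACEHOLDER"

alert_subject: "Kibana alert: {0}"
alert_subject_args:
- kibana.alert.rule.name
alert_text_type: alert_text_only
alert_text: "Rule {0} fired with severity {1}"
alert_text_args:
- kibana.alert.rule.name
- kibana.alert.severity
```

Because this rule reads an index written by another alerting system, check that the service account ElastAlert 2 runs as is limited to read access on that index so a compromised notifier cannot modify or delete the alert records it watches.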
-
Yes, it is possible. Here you can find where security alerts are being stored: https://www.elastic.co/guide/en/security/current/query-alert-indices.html