Kibana

Send alert details to Squadcast from Kibana

Kibana is a free and open user interface that lets you visualize your Elasticsearch data and navigate the Elastic Stack.

Route detailed alerts from Kibana to the right users in Squadcast.

How to integrate Kibana with Squadcast

In Squadcast: Using Kibana as an Alert Source

Navigate to Services -> Service Overview -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click Add.

2. Select Kibana. Copy the displayed Webhook URL to configure it within Kibana. Finish by clicking Add Alert Source -> Done.

Important:

When an alert source turns Active, it’ll show up under Configured Alert Sources, you can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source. An Alert Source is active if there is a recorded incident via that Alert Source for the Service.

In Kibana: Create a Squadcast webhook alert

From the navigation bar on the left, select Management and then, select Stack Management

Select Alerts and Insights -> Rules and Connectors

Navigate to Connectors and click on Create Connector.

Select Webhook as a Connector.

Provide a name for Connector name, choose Method as POST and paste the previously copied Squadcast Webhook URL in the URL field. Click on Save. Furthermore, please activate the Add HTTP header slider. Enter the header with the following content: content-type: application/json. Finally, click on the Save button.

Head over to Rules and click on Create Rules. Provide a name for the rule and select any of the options from the supported rule scenarios: (a) APM AND USER EXPERIENCE (b) LOGS (c) MACHINE LEARNING (d) METRICS (e) UPTIME
Select Webhook in the Action section.

Next, select the previously created Connector in the Webhook connector drop-down and paste the below JSON in the placeholder for Body and click on Save

{
    "actionGroupName": "{{alert.actionGroupName}}",
    "actionSubgroup": "{{alert.actionSubgroup}}",
    "alert_id": "{{alert.id}}",
    "actionGroup": "{{alert.actionGroup}}",
    "conditions": "{{context.conditions}}",
    "denominatorConditions": "{{context.denominatorConditions}}",
    "group": "{{context.group}}",
    "isRatio": "{{context.isRatio}}",
    "matchingDocuments": "{{context.matchingDocuments}}",
    "numeratorConditions": "{{context.numeratorConditions}}",
    "ratio": "{{context.ratio}}",
    "timestamp": "{{context.timestamp}}",
    "date": "{{date}}",
    "kibanaBaseUrl": "{{kibanaBaseUrl}}",
    "rule_id": "{{rule.id}}",
    "name": "{{rule.name}}",
    "spaceId": "{{rule.spaceId}}",
    "tags": "{{rule.tags}}",
    "type": "{{rule.type}}",
    "environment": "{{context.environment}}",
    "serviceName": "{{context.serviceName}}",
    "threshold": "{{context.threshold}}",
    "transactionType": "{{context.transactionType}}",
    "triggerValue": "{{context.triggerValue}}",
    "interval": "{{context.interval}}",
    "isInterim": "{{context.isInterim}}",
    "jobIds": "{{context.jobIds}}",
    "message": "{{context.message}}",
    "score": "{{context.score}}",
    "topInfluencers": "{{context.topInfluencers}}",
    "topRecords": "{{context.topRecords}}",
    "anomalyExplorerUrl": "{{context.anomalyExplorerUrl}}",
    "timestampIso8601": "{{context.timestampIso8601}}",
    "results": "{{context.results}}",
    "metric": "{{context.metric}}",
    "reason": "{{context.reason}}",
    "value": "{{context.value}}",
    "alertState": "{{context.alertState}}",
    "currentTriggerStarted": "{{state.currentTriggerStarted}}",
    "firstCheckedAt": "{{state.firstCheckedAt}}",
    "firstTriggeredAt": "{{state.firstTriggeredAt}}",
    "isTriggered": "{{state.isTriggered}}",
    "lastCheckedAt": "{{state.lastCheckedAt}}",
    "lastResolvedAt": "{{state.lastResolvedAt}}",
    "lastTriggeredAt": "{{state.lastTriggeredAt}}",
    "latestErrorMessage": "{{state.latestErrorMessage}}",
    "monitorId": "{{state.monitorId}}",
    "monitorName": "{{state.monitorName}}",
    "monitorType": "{{state.monitorType}}",
    "monitorUrl": "{{state.monitorUrl}}",
    "observerHostname": "{{state.observerHostname}}",
    "observerLocation": "{{state.observerLocation}}",
    "statusMessage": "{{state.statusMessage}}",
    "downMonitorsWithGeo": "{{context.downMonitorsWithGeo}}",
    "agingCommonNameAndDate": "{{state.agingCommonNameAndDate}}",
    "agingCount": "{{state.agingCount}}",
    "count": "{{state.count}}",
    "expiringCommonNameAndDate": "{{state.expiringCommonNameAndDate}}",
    "expiringCount": "{{state.expiringCount}}"
}

That is it, you are now good to go!

Whenever an alert is generated in Kibana, an incident will be created in Squadcast.
For any queries, please reach out to our Support team and they will be happy to assist you with your Kibana queries.

Have any questions? Ask the community.

PreviousKomodor NextLibreNMS

Last updated 1 year ago

Was this helpful?