From cdc4ec97eb314a41ecba574d95d0d863ec2b7880 Mon Sep 17 00:00:00 2001 From: dedemorton Date: Mon, 18 Mar 2024 19:58:30 -0700 Subject: [PATCH] Add list of valid connectors to alerting rules docs --- .../infrastructure-threshold-alert.asciidoc | 6 ++--- .../logs-threshold-alert.asciidoc | 3 +-- .../metrics-threshold-alert.asciidoc | 5 ++-- .../slo-burn-rate-alert.asciidoc | 5 ++-- .../en/observability/threshold-alert.asciidoc | 3 +-- .../uptime-duration-anomaly-alert.asciidoc | 7 +++--- .../observability/uptime-tls-alert.asciidoc | 5 ++-- docs/en/shared/alerting-connectors.asciidoc | 24 +++++++++++++++++++ 8 files changed, 39 insertions(+), 19 deletions(-) create mode 100644 docs/en/shared/alerting-connectors.asciidoc diff --git a/docs/en/observability/infrastructure-threshold-alert.asciidoc b/docs/en/observability/infrastructure-threshold-alert.asciidoc index aaeff4c4ed..11ce58660f 100644 --- a/docs/en/observability/infrastructure-threshold-alert.asciidoc +++ b/docs/en/observability/infrastructure-threshold-alert.asciidoc @@ -49,10 +49,10 @@ image::images/alert-preview.png[Preview rules] [[action-types-infrastructure]] == Action types -You can extend your rules by connecting them to actions that use the following supported built-in integrations. +Extend your rules by connecting them to actions that use the following supported built-in integrations. + +include::../shared/alerting-connectors.asciidoc[] -[role="screenshot"] -image::images/alert-action-types.png[Action types] After you select a connector, you must set the action frequency. You can choose to create a summary of alerts on each check interval or on a custom interval. For example, send email notifications that summarize the new, ongoing, and recovered alerts each hour: diff --git a/docs/en/observability/logs-threshold-alert.asciidoc b/docs/en/observability/logs-threshold-alert.asciidoc index e5b11118a2..70ffd5445a 100644 --- a/docs/en/observability/logs-threshold-alert.asciidoc +++ b/docs/en/observability/logs-threshold-alert.asciidoc @@ -108,8 +108,7 @@ ratio. In this scenario, no alert is triggered. Extend your rules by connecting them to actions that use the following supported built-in integrations. -[role="screenshot"] -image::images/alert-action-types.png[Alert action types] +include::../shared/alerting-connectors.asciidoc[] After you select a connector, you must set the action frequency. You can choose to create a summary of alerts on each check interval or on a custom interval. Alternatively, you can set the action frequency such that you choose how often the action runs (for example, at each check interval, only when the alert status changes, or at a custom action interval). In this case, you must also select the specific threshold condition that affects when actions run: `Fired` or `Recovered`. diff --git a/docs/en/observability/metrics-threshold-alert.asciidoc b/docs/en/observability/metrics-threshold-alert.asciidoc index 98b5941510..8db0b1d087 100644 --- a/docs/en/observability/metrics-threshold-alert.asciidoc +++ b/docs/en/observability/metrics-threshold-alert.asciidoc @@ -66,10 +66,9 @@ The default value is `1`. [[action-types-metrics]] == Action types -You can extend your rules by connecting them to actions that use supported built-in integrations. +Extend your rules by connecting them to actions that use the following supported built-in integrations. -[role="screenshot"] -image::images/alert-action-types.png[Action types] +include::../shared/alerting-connectors.asciidoc[] After you select a connector, you must set the action frequency. You can choose to create a summary of alerts on each check interval or on a custom interval. For example, send email notifications that summarize the new, ongoing, and recovered alerts each hour: diff --git a/docs/en/observability/slo-burn-rate-alert.asciidoc b/docs/en/observability/slo-burn-rate-alert.asciidoc index 53d2b0732f..c32b7304eb 100644 --- a/docs/en/observability/slo-burn-rate-alert.asciidoc +++ b/docs/en/observability/slo-burn-rate-alert.asciidoc @@ -32,14 +32,13 @@ To create your SLO burn rate rule: [[action-types-slo]] == Action types -You can extend your rules by connecting them to actions that use the following +Extend your rules by connecting them to actions that use the following supported built-in integrations. Actions are {kib} services or integrations with third-party systems that run as background tasks on the {kib} server when rule conditions are met. You can configure action types on the <> page. -[role="screenshot"] -image::images/alert-action-types.png[Uptime rule connectors] +include::../shared/alerting-connectors.asciidoc[] After you select a connector, you must set the action frequency. You can choose to create a *Summary of alerts* on each check interval or on a custom interval. For example, you can send email notifications that summarize the new, ongoing, and recovered alerts every twelve hours. diff --git a/docs/en/observability/threshold-alert.asciidoc b/docs/en/observability/threshold-alert.asciidoc index 5246a74406..c5b145164a 100644 --- a/docs/en/observability/threshold-alert.asciidoc +++ b/docs/en/observability/threshold-alert.asciidoc @@ -127,8 +127,7 @@ For example when it's set to `Logs`, you must have the appropriate *{observabili Extend your rules by connecting them to actions that use the following supported built-in integrations. -[role="screenshot"] -image::images/alert-action-types.png[Alert action types] +include::../shared/alerting-connectors.asciidoc[] After you select a connector, you must set the action frequency. You can choose to create a summary of alerts on each check interval or on a custom interval. Alternatively, you can set the action frequency such that you choose how often the action runs (for example, at each check interval, only when the alert status changes, or at a custom action interval). In this case, you must also select the specific threshold condition that affects when actions run: `Alert`, `No Data`, or `Recovered`. diff --git a/docs/en/observability/uptime-duration-anomaly-alert.asciidoc b/docs/en/observability/uptime-duration-anomaly-alert.asciidoc index 848e237fe2..2765530b30 100644 --- a/docs/en/observability/uptime-duration-anomaly-alert.asciidoc +++ b/docs/en/observability/uptime-duration-anomaly-alert.asciidoc @@ -42,14 +42,15 @@ image::images/response-durations-alert.png[Uptime response duration rule] [[action-types-duration]] == Action types -You can extend your rules by connecting them to actions that use the following +Extend your rules by connecting them to actions that use the following supported built-in integrations. Actions are {kib} services or integrations with third-party systems that run as background tasks on the {kib} server when rule conditions are met. +//TODO: Make this intro consistent across topics. Should we define action here? + You can configure action types on the <> page. -[role="screenshot"] -image::images/alert-action-types.png[Uptime rule connectors] +include::../shared/alerting-connectors.asciidoc[] After you select a connector, you must set the action frequency. You can choose to create a summary of alerts on each check interval or on a custom interval. For example, send email notifications that summarize the new, ongoing, and recovered alerts every twelve hours: diff --git a/docs/en/observability/uptime-tls-alert.asciidoc b/docs/en/observability/uptime-tls-alert.asciidoc index 75273cab3c..f76aa1889f 100644 --- a/docs/en/observability/uptime-tls-alert.asciidoc +++ b/docs/en/observability/uptime-tls-alert.asciidoc @@ -40,14 +40,13 @@ image::images/tls-alert.png[Monitor status rule] [[action-types-certs]] == Action types -You can extend your rules by connecting them to actions that use the following +Extend your rules by connecting them to actions that use the following supported built-in integrations. Actions are {kib} services or integrations with third-party systems that run as background tasks on the {kib} server when rule conditions are met. You can configure action types on the <> page. -[role="screenshot"] -image::images/alert-action-types.png[TLS certificate rule connectors] +include::../shared/alerting-connectors.asciidoc[] After you select a connector, you must set the action frequency. You can choose to create a summary of alerts on each check interval or on a custom interval. Alternatively, you can set the action frequency such that you choose how often the action runs (for example, at each check interval, only when the alert status changes, or at a custom action interval). In this case, you must also select the specific threshold condition that affects when actions run: `Uptime TLS Alert` or `Recovered`. For example, send a notification when an alert status changes: diff --git a/docs/en/shared/alerting-connectors.asciidoc b/docs/en/shared/alerting-connectors.asciidoc new file mode 100644 index 0000000000..0b0edea05d --- /dev/null +++ b/docs/en/shared/alerting-connectors.asciidoc @@ -0,0 +1,24 @@ +* {kibana-ref}/d3security-action-type.html[D3 Security] +* {kibana-ref}/email-action-type.html[Email] +* {kibana-ref}/resilient-action-type.html[{ibm-r}] +* {kibana-ref}/index-action-type.html[Index] +* {kibana-ref}/jira-action-type.html[Jira] +* {kibana-ref}/teams-action-type.html[Microsoft Teams] +* {kibana-ref}/opsgenie-action-type.html[{opsgenie}] +* {kibana-ref}/pagerduty-action-type.html[PagerDuty] +* {kibana-ref}/server-log-action-type.html[ServerLog] +* {kibana-ref}/servicenow-itom-action-type.html[{sn-itom}] +* {kibana-ref}/servicenow-action-type.html[{sn-itsm}] +* {kibana-ref}/servicenow-sir-action-type.html[{sn-sir}] +* {kibana-ref}/slack-action-type.html[Slack] +* {kibana-ref}/swimlane-action-type.html[{swimlane}] +* {kibana-ref}/torq-action-type.html[Torq] +* {kibana-ref}/webhook-action-type.html[{webhook}] +* {kibana-ref}/xmatters-action-type.html[xMatters] + +[NOTE] +============================================== +Some connector types are paid commercial features, while others are free. +For a comparison of the Elastic subscription levels, go to +{subscriptions}[the subscription page]. +==============================================