From 97895f83021edf214a0b2b9f8605a2015cf2381b Mon Sep 17 00:00:00 2001 From: dedemorton Date: Mon, 18 Mar 2024 19:58:30 -0700 Subject: [PATCH 1/2] Add list of valid connectors to alerting rules docs --- .../infrastructure-threshold-alert.asciidoc | 6 ++--- .../logs-threshold-alert.asciidoc | 3 +-- .../metrics-threshold-alert.asciidoc | 5 ++-- .../monitor-status-alert.asciidoc | 6 +++++ .../slo-burn-rate-alert.asciidoc | 5 ++-- .../en/observability/threshold-alert.asciidoc | 3 +-- .../uptime-duration-anomaly-alert.asciidoc | 13 +++++++--- .../observability/uptime-tls-alert.asciidoc | 12 +++++++--- docs/en/shared/alerting-connectors.asciidoc | 24 +++++++++++++++++++ 9 files changed, 58 insertions(+), 19 deletions(-) create mode 100644 docs/en/shared/alerting-connectors.asciidoc diff --git a/docs/en/observability/infrastructure-threshold-alert.asciidoc b/docs/en/observability/infrastructure-threshold-alert.asciidoc index aaeff4c4ed..11ce58660f 100644 --- a/docs/en/observability/infrastructure-threshold-alert.asciidoc +++ b/docs/en/observability/infrastructure-threshold-alert.asciidoc @@ -49,10 +49,10 @@ image::images/alert-preview.png[Preview rules] [[action-types-infrastructure]] == Action types -You can extend your rules by connecting them to actions that use the following supported built-in integrations. +Extend your rules by connecting them to actions that use the following supported built-in integrations. + +include::../shared/alerting-connectors.asciidoc[] -[role="screenshot"] -image::images/alert-action-types.png[Action types] After you select a connector, you must set the action frequency. You can choose to create a summary of alerts on each check interval or on a custom interval. For example, send email notifications that summarize the new, ongoing, and recovered alerts each hour: diff --git a/docs/en/observability/logs-threshold-alert.asciidoc b/docs/en/observability/logs-threshold-alert.asciidoc index e5b11118a2..70ffd5445a 100644 
--- a/docs/en/observability/logs-threshold-alert.asciidoc +++ b/docs/en/observability/logs-threshold-alert.asciidoc @@ -108,8 +108,7 @@ ratio. In this scenario, no alert is triggered. Extend your rules by connecting them to actions that use the following supported built-in integrations. -[role="screenshot"] -image::images/alert-action-types.png[Alert action types] +include::../shared/alerting-connectors.asciidoc[] After you select a connector, you must set the action frequency. You can choose to create a summary of alerts on each check interval or on a custom interval. Alternatively, you can set the action frequency such that you choose how often the action runs (for example, at each check interval, only when the alert status changes, or at a custom action interval). In this case, you must also select the specific threshold condition that affects when actions run: `Fired` or `Recovered`. diff --git a/docs/en/observability/metrics-threshold-alert.asciidoc b/docs/en/observability/metrics-threshold-alert.asciidoc index 98b5941510..8db0b1d087 100644 --- a/docs/en/observability/metrics-threshold-alert.asciidoc +++ b/docs/en/observability/metrics-threshold-alert.asciidoc @@ -66,10 +66,9 @@ The default value is `1`. [[action-types-metrics]] == Action types -You can extend your rules by connecting them to actions that use supported built-in integrations. +Extend your rules by connecting them to actions that use the following supported built-in integrations. -[role="screenshot"] -image::images/alert-action-types.png[Action types] +include::../shared/alerting-connectors.asciidoc[] After you select a connector, you must set the action frequency. You can choose to create a summary of alerts on each check interval or on a custom interval. For example, send email notifications that summarize the new, ongoing, and recovered alerts each hour: 
diff --git a/docs/en/observability/monitor-status-alert.asciidoc b/docs/en/observability/monitor-status-alert.asciidoc index 0515c7b681..91061765ad 100644 --- a/docs/en/observability/monitor-status-alert.asciidoc +++ b/docs/en/observability/monitor-status-alert.asciidoc @@ -4,6 +4,12 @@ Monitor status ++++ +//REVIEWERS: I haven't updated this topic because I'm not sure if this page should exist. +//I don't see the Uptime app in the UI anymore, but maybe it's only available if users have +//installed Heartbeat? If so, users who see this topic may get confused. Should I remove this topic? +//Looks like the alerting settings for synthetics are covered here: https://www.elastic.co/guide/en/observability/8.13/synthetics-settings.html#synthetics-settings-alerting +//Also looks like the UI under Settings only covers a subset of the connectors that are available for other types of observability rules. Why? + Within the {uptime-app}, create a **Monitor Status** rule to receive notifications based on errors and outages. diff --git a/docs/en/observability/slo-burn-rate-alert.asciidoc b/docs/en/observability/slo-burn-rate-alert.asciidoc index 53d2b0732f..c32b7304eb 100644 --- a/docs/en/observability/slo-burn-rate-alert.asciidoc +++ b/docs/en/observability/slo-burn-rate-alert.asciidoc 
@@ -32,14 +32,13 @@ To create your SLO burn rate rule: [[action-types-slo]] == Action types -You can extend your rules by connecting them to actions that use the following +Extend your rules by connecting them to actions that use the following supported built-in integrations. Actions are {kib} services or integrations with third-party systems that run as background tasks on the {kib} server when rule conditions are met. You can configure action types on the <> page. -[role="screenshot"] -image::images/alert-action-types.png[Uptime rule connectors] +include::../shared/alerting-connectors.asciidoc[] After you select a connector, you must set the action frequency. You can choose to create a *Summary of alerts* on each check interval or on a custom interval. For example, you can send email notifications that summarize the new, ongoing, and recovered alerts every twelve hours. diff --git a/docs/en/observability/threshold-alert.asciidoc b/docs/en/observability/threshold-alert.asciidoc index 5246a74406..c5b145164a 100644 --- a/docs/en/observability/threshold-alert.asciidoc +++ b/docs/en/observability/threshold-alert.asciidoc @@ -127,8 +127,7 @@ For example when it's set to `Logs`, you must have the appropriate *{observabili Extend your rules by connecting them to actions that use the following supported built-in integrations. -[role="screenshot"] -image::images/alert-action-types.png[Alert action types] +include::../shared/alerting-connectors.asciidoc[] After you select a connector, you must set the action frequency. You can choose to create a summary of alerts on each check interval or on a custom interval. Alternatively, you can set the action frequency such that you choose how often the action runs (for example, at each check interval, only when the alert status changes, or at a custom action interval). In this case, you must also select the specific threshold condition that affects when actions run: `Alert`, `No Data`, or `Recovered`. 
diff --git a/docs/en/observability/uptime-duration-anomaly-alert.asciidoc b/docs/en/observability/uptime-duration-anomaly-alert.asciidoc index 848e237fe2..155bb6ad1e 100644 --- a/docs/en/observability/uptime-duration-anomaly-alert.asciidoc +++ b/docs/en/observability/uptime-duration-anomaly-alert.asciidoc @@ -4,6 +4,12 @@ Uptime duration anomaly ++++ +//REVIEWERS: I haven't updated this topic because I'm not sure if this page should exist. +//I don't see the Uptime app in the UI anymore, but maybe it's only available if users have +//installed Heartbeat? If so, users who see this topic may get confused. Should I remove this topic? +//Looks like the alerting settings for synthetics are covered here: https://www.elastic.co/guide/en/observability/8.13/synthetics-settings.html#synthetics-settings-alerting +//Also looks like the UI under Settings only covers a subset of the connectors that are available for other types of observability rules. Why? + Within the {uptime-app}, create an *Uptime duration anomaly* rule to receive notifications based on the response durations for all of the geographic locations of each monitor. When a monitor runs for an unusual amount of time, at a particular time, an anomaly is recorded and 
@@ -42,14 +48,15 @@ image::images/response-durations-alert.png[Uptime response duration rule] [[action-types-duration]] == Action types -You can extend your rules by connecting them to actions that use the following +Extend your rules by connecting them to actions that use the following supported built-in integrations. Actions are {kib} services or integrations with third-party systems that run as background tasks on the {kib} server when rule conditions are met. +//TODO: Make this intro consistent across topics. Should we define action here? + You can configure action types on the <> page. -[role="screenshot"] -image::images/alert-action-types.png[Uptime rule connectors] +include::../shared/alerting-connectors.asciidoc[] After you select a connector, you must set the action frequency. You can choose to create a summary of alerts on each check interval or on a custom interval. For example, send email notifications that summarize the new, ongoing, and recovered alerts every twelve hours: diff --git a/docs/en/observability/uptime-tls-alert.asciidoc b/docs/en/observability/uptime-tls-alert.asciidoc index 75273cab3c..9469903912 100644 --- a/docs/en/observability/uptime-tls-alert.asciidoc +++ b/docs/en/observability/uptime-tls-alert.asciidoc 
@@ -4,6 +4,13 @@ TLS certificate ++++ +//REVIEWERS: I haven't updated this topic because I'm not sure if this page should exist. +//I don't see the Uptime app in the UI anymore, but maybe it's only available if users have +//installed Heartbeat? If so, users who see this topic may get confused. Should I remove this topic? +//Looks like the alerting settings for synthetics are covered here: https://www.elastic.co/guide/en/observability/8.13/synthetics-settings.html#synthetics-settings-alerting +//Also looks like the UI under Settings only covers a subset of the connectors that are available for other types of observability rules. Why? + + Within the {uptime-app}, you can create a rule that notifies you when one or more of your monitors has a TLS certificate expiring within a specified threshold, or when it exceeds an age limit. 
@@ -40,14 +47,13 @@ image::images/tls-alert.png[Monitor status rule] [[action-types-certs]] == Action types -You can extend your rules by connecting them to actions that use the following +Extend your rules by connecting them to actions that use the following supported built-in integrations. Actions are {kib} services or integrations with third-party systems that run as background tasks on the {kib} server when rule conditions are met. You can configure action types on the <> page. -[role="screenshot"] -image::images/alert-action-types.png[TLS certificate rule connectors] +include::../shared/alerting-connectors.asciidoc[] After you select a connector, you must set the action frequency. You can choose to create a summary of alerts on each check interval or on a custom interval. Alternatively, you can set the action frequency such that you choose how often the action runs (for example, at each check interval, only when the alert status changes, or at a custom action interval). In this case, you must also select the specific threshold condition that affects when actions run: `Uptime TLS Alert` or `Recovered`. For example, send a notification when an alert status changes: diff --git a/docs/en/shared/alerting-connectors.asciidoc b/docs/en/shared/alerting-connectors.asciidoc new file mode 100644 index 0000000000..5f3d73f5ab --- /dev/null +++ b/docs/en/shared/alerting-connectors.asciidoc 
@@ -0,0 +1,24 @@ +* {kibana-ref}/d3security-action-type.html[D3 Security] +* {kibana-ref}/email-action-type.html[Email] +* {kibana-ref}/resilient-action-type.html[{ibm-r}] +* {kibana-ref}/index-action-type.html[Index] +* {kibana-ref}/jira-action-type.html[Jira] +* {kibana-ref}/teams-action-type.html[Microsoft Teams] +* {kibana-ref}/opsgenie-action-type.html[{opsgenie}] +* {kibana-ref}/pagerduty-action-type.html[PagerDuty] +* {kibana-ref}/server-log-action-type.html[Server log] +* {kibana-ref}/servicenow-itom-action-type.html[{sn-itom}] +* {kibana-ref}/servicenow-action-type.html[{sn-itsm}] +* {kibana-ref}/servicenow-sir-action-type.html[{sn-sir}] +* {kibana-ref}/slack-action-type.html[Slack] +* {kibana-ref}/swimlane-action-type.html[{swimlane}] +* {kibana-ref}/torq-action-type.html[Torq] +* {kibana-ref}/webhook-action-type.html[{webhook}] +* {kibana-ref}/xmatters-action-type.html[xMatters] + +[NOTE] +============================================== +Some connector types are paid commercial features, while others are free. +For a comparison of the Elastic subscription levels, go to +{subscriptions}[the subscription page]. +============================================== From e8448871c8e99d0975525226e6b432d8501e7c3c Mon Sep 17 00:00:00 2001 From: dedemorton Date: Fri, 22 Mar 2024 10:52:25 -0700 Subject: [PATCH 2/2] Resolve and remove reviewer questions --- docs/en/observability/monitor-status-alert.asciidoc | 6 ------ .../observability/uptime-duration-anomaly-alert.asciidoc | 8 -------- docs/en/observability/uptime-tls-alert.asciidoc | 7 ------- 3 files changed, 21 deletions(-) diff --git a/docs/en/observability/monitor-status-alert.asciidoc b/docs/en/observability/monitor-status-alert.asciidoc index 91061765ad..0515c7b681 100644 --- a/docs/en/observability/monitor-status-alert.asciidoc +++ b/docs/en/observability/monitor-status-alert.asciidoc 
@@ -4,12 +4,6 @@ Monitor status ++++ -//REVIEWERS: I haven't updated this topic because I'm not sure if this page should exist. -//I don't see the Uptime app in the UI anymore, but maybe it's only available if users have -//installed Heartbeat? If so, users who see this topic may get confused. Should I remove this topic? -//Looks like the alerting settings for synthetics are covered here: https://www.elastic.co/guide/en/observability/8.13/synthetics-settings.html#synthetics-settings-alerting -//Also looks like the UI under Settings only covers a subset of the connectors that are available for other types of observability rules. Why? - Within the {uptime-app}, create a **Monitor Status** rule to receive notifications based on errors and outages. diff --git a/docs/en/observability/uptime-duration-anomaly-alert.asciidoc b/docs/en/observability/uptime-duration-anomaly-alert.asciidoc index 155bb6ad1e..cb39846a37 100644 --- a/docs/en/observability/uptime-duration-anomaly-alert.asciidoc +++ b/docs/en/observability/uptime-duration-anomaly-alert.asciidoc @@ -4,12 +4,6 @@ Uptime duration anomaly ++++ -//REVIEWERS: I haven't updated this topic because I'm not sure if this page should exist. -//I don't see the Uptime app in the UI anymore, but maybe it's only available if users have -//installed Heartbeat? If so, users who see this topic may get confused. Should I remove this topic? -//Looks like the alerting settings for synthetics are covered here: https://www.elastic.co/guide/en/observability/8.13/synthetics-settings.html#synthetics-settings-alerting -//Also looks like the UI under Settings only covers a subset of the connectors that are available for other types of observability rules. Why? - Within the {uptime-app}, create an *Uptime duration anomaly* rule to receive notifications based on the response durations for all of the geographic locations of each monitor. When a monitor runs for an unusual amount of time, at a particular time, an anomaly is recorded and 
@@ -52,8 +46,6 @@ Extend your rules by connecting them to actions that use the following supported built-in integrations. Actions are {kib} services or integrations with third-party systems that run as background tasks on the {kib} server when rule conditions are met. -//TODO: Make this intro consistent across topics. Should we define action here? - You can configure action types on the <> page. include::../shared/alerting-connectors.asciidoc[] diff --git a/docs/en/observability/uptime-tls-alert.asciidoc b/docs/en/observability/uptime-tls-alert.asciidoc index 9469903912..f76aa1889f 100644 --- a/docs/en/observability/uptime-tls-alert.asciidoc +++ b/docs/en/observability/uptime-tls-alert.asciidoc @@ -4,13 +4,6 @@ TLS certificate ++++ -//REVIEWERS: I haven't updated this topic because I'm not sure if this page should exist. -//I don't see the Uptime app in the UI anymore, but maybe it's only available if users have -//installed Heartbeat? If so, users who see this topic may get confused. Should I remove this topic? -//Looks like the alerting settings for synthetics are covered here: https://www.elastic.co/guide/en/observability/8.13/synthetics-settings.html#synthetics-settings-alerting -//Also looks like the UI under Settings only covers a subset of the connectors that are available for other types of observability rules. Why? - - Within the {uptime-app}, you can create a rule that notifies you when one or more of your monitors has a TLS certificate expiring within a specified threshold, or when it exceeds an age limit.
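Review bot: The new docs/en/shared/alerting-connectors.asciidoc depends on attributes that this patch does not define: `{kibana-ref}`, `{ibm-r}`, `{opsgenie}`, `{sn-itom}`, `{sn-itsm}`, `{sn-sir}`, `{swimlane}`, `{webhook}` and `{subscriptions}`. Because the file is pulled into seven topics, an attribute that does not resolve would show up unresolved in every one of them. Please confirm each attribute is defined for the observability book build, and add a comment at the top of the shared file saying which topics include it and that the list has to be kept in step with the connectors the rule UI actually offers.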
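Review bot: In uptime-duration-anomaly-alert.asciidoc and uptime-tls-alert.asciidoc, the Action types hunks of 1/2 add `include::../shared/alerting-connectors.asciidoc[]`, while the REVIEWERS comment added at the top of the same two files says the UI under Settings "only covers a subset of the connectors that are available for other types of observability rules". 2/2 deletes that comment but leaves the full 17-entry list included, so the visible lines do not show whether the list is accurate for these rule types. Please confirm it is, or include a shorter list for the Uptime topics, and state the outcome in the 2/2 commit message, which currently says only "Resolve and remove reviewer questions".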
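Review bot: monitor-status-alert.asciidoc ends the series byte-for-byte unchanged (index 0515c7b681 to 91061765ad in 1/2, then back to 0515c7b681 in 2/2), so its Action types section does not get the shared include that the other seven topics now use. If leaving it alone is the answer to "Should I remove this topic?", say so in the commit message; otherwise give it the same include. Related: seven `image::images/alert-action-types.png[...]` references are removed across 1/2 but the diffstat does not delete the image, so check whether anything still references it and remove the file if not.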
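Review bot: The `//TODO: Make this intro consistent across topics. Should we define action here?` line is dropped from uptime-duration-anomaly-alert.asciidoc in 2/2 without the inconsistency it describes being fixed. After both patches, the SLO burn rate, Uptime duration anomaly and TLS certificate topics still carry the "Actions are {kib} services or integrations with third-party systems ..." definition, while the infrastructure, logs, metrics and threshold hunks show only the one-sentence intro before the include. Either move the definition into the shared file so all topics get it, or keep a tracked follow-up and reference it in the commit message.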