Creating a rule in elastalert kibana plugin for kibana dashboard

Question

My Elasticsearch and Kibana are running on localhost:9200 and localhost:5601.

I have installed elastalert-kibana-plugin and its running on port localhost:3030

I have created a dashboard in kibana.

here is the image of the kibana dashboard

Now I want to raise an Email alert when the count exceeds 3 in the above mentioned dashboard.

Now, how to write a rule in elastalert kibana plugin as in the below image for raising a email alert. I have already setup the Postfix SMTP for email alerting on my system.

I have tried creating a rule like this:

here is the image of the rule

So, I want to write a rule to create a email alert when the data on the dashboard panel exceeds the threshold value. Can anyone tell me how to write a rule using the kibana dashboard url.

Sourav · Answer 1 · 2020-08-06T18:06:38.440

0

Rule:

realert:
  hours: 2

name: something
type: any
use_kibana4_dashboard: something 
filter:
 - range:
      Count:
        gt: 3
alert:
 - something

You need or must have to use realert, such that you only get a maximum of one alert per 2 hours as because the default of 1 minute would cause this rule to alert each minute until the alert condition was resolved.

Note: Replace something in rule with your exact values.

edited Aug 06 '20 at 18:06

answered Aug 06 '20 at 18:01

Sourav

3,025
2
13
29

can you please explain what gt is in filter. – rana bhagath chand Aug 08 '20 at 09:45
[gt: Greater than](https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-range-query.html#range-query-field-params) – Sourav Aug 08 '20 at 11:03

Creating a rule in elastalert kibana plugin for kibana dashboard

1 Answers1