Kibana Alert
Create an alert that notifies you when specific conditions are met in your Kibana data.
Goal
Send a notification when the error count in your logs exceeds 100 in the last hour.
Concept
In Anaphora, an alert is a conditional report. You create alerts by:
- Capturing data from Kibana
- Evaluating conditions
- Only delivering the report when conditions are met
Steps
1. Create a New Job
- Navigate to Jobs
- Click Create New Job
2. Configure General Settings
- Frequency: Every 5 minutes (*/5 * * * *)
- Max notify frequency: 3 hours (avoid notification fatigue)
Why Throttling?
Even if errors persist every 5 minutes, you'll only get one notification in 3 hours.
3. Set Up Capture
- Select Kibana as the connector
- Enter your Kibana discover URL: https://kibana.example.com/app/discover#/view/your-view-id
- Choose authentication method: ReadonlyREST and add credentials
- Check Deliver report only if conditions are met
- Set Hits to be greater than 100
4. Compose the Alert Report
- Add a text block
- Edit the text and include {{kibanaDiscoverHits}} to show the number of errors
- Add headers and other text as needed
5. Configure Delivery
- Select a delivery interface
- Modify the body:
Alert: {{kibanaDiscoverHits}} errors in the last hour
6. Test and Save
- Test the job to verify the workflow
- Check that conditions evaluate correctly
- Save the job
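To reason about which scheduled runs should produce a notification when you test the job, the following added example (not Anaphora's own code) models the settings from steps 2 and 3: a run every 5 minutes, a "greater than 100" condition, and a 3-hour max notify frequency. It assumes the throttle window is measured from the last delivered notification; the function names and the sample hit counts are constructed for illustration.

```python
from datetime import datetime, timedelta

THRESHOLD = 100                      # step 3: Hits greater than 100
RUN_INTERVAL = timedelta(minutes=5)  # step 2: */5 * * * *
MAX_NOTIFY = timedelta(hours=3)      # step 2: max notify frequency


def simulate(hits_per_run, start):
    """Return one (time, hits, outcome) tuple per scheduled run.

    Assumption: the throttle window starts at the last delivered
    notification; the product's exact bookkeeping may differ.
    """
    last_sent = None
    results = []
    for i, hits in enumerate(hits_per_run):
        now = start + i * RUN_INTERVAL
        if hits <= THRESHOLD:
            # "greater than" is strict: exactly 100 hits does not fire
            outcome = "skipped"
        elif last_sent is not None and now - last_sent < MAX_NOTIFY:
            # condition met, but a notification went out too recently
            outcome = "throttled"
        else:
            outcome = "delivered"
            last_sent = now
        results.append((now, hits, outcome))
    return results


def delivered_times(results):
    """Timestamps of the runs that actually sent a notification."""
    return [t for t, _, outcome in results if outcome == "delivered"]


# Constructed sample: 48 runs (4 hours). Errors cross the threshold on the
# third run and stay high for the rest of the period.
START = datetime(2024, 1, 1, 0, 0)
SAMPLE_HITS = [40, 100, 101] + [250] * 45

if __name__ == "__main__":
    for t, hits, outcome in simulate(SAMPLE_HITS, START):
        if outcome != "throttled":
            print(t.strftime("%H:%M"), hits, outcome)
```

Under this model a sustained error condition stays silent between deliveries, so the text in the alert body reflects the hit count at delivery time, not the current one.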
Result
You'll receive alerts only when error count exceeds your threshold, with at most one notification per hour.
Next Steps
- Kibana Conditional Report - Need to also take a dashboard screenshot when the condition is met? See how to use actions for conditional reports.
- Kibana Anomaly Alert - Need to compare current events to previous events for anomaly detection? See this example for triggering alerts when events deviate from normal patterns.