Send Kibana watch alerts to Slack channel

This article shows how to configure a Kibana watch that sends alerts to a Slack channel. Watcher is an Elasticsearch feature for running actions when conditions are met; the conditions are evaluated periodically by queries over your data. Watches are useful for monitoring mission-critical and business-critical streaming data: for example, watching application logs for performance outages or audit access logs for security threats.

Log in to the Kibana dashboard with an account that has the rights to create watches (the manage_watcher cluster privilege, which the built-in watcher_admin role grants). Click the ‘Management’ link in the menu.

Figure 1. Management

Now click the Watcher link.

Figure 2. Watchers

This page lists the existing watches. Click ‘Create advanced watch’.

Figure 3. Create advanced watch

Here you create a new watch by entering an ID and a name and editing the Watch JSON.

Figure 4. New watch

Modify the actions section of the JSON as below. `<service-path>` is the path part of the incoming webhook URL that Slack issued (everything after https://hooks.slack.com); treat it as a credential, since anyone who holds it can post to your channel, and do not paste it into shared watch exports or version control. Note that Watcher expects "body" to be a single string, so the Slack payload inside it must be a JSON-escaped string with every inner quote escaped; an unescaped quote makes the whole watch JSON unparseable.

"actions": {
  "NotifySlack": {
    "webhook": {
      "scheme": "https",
      "host": "hooks.slack.com",
      "port": 443,
      "method": "post",
      "path": "<service-path>",
      "params": {},
      "headers": {
        "Content-type": "application/json"
      },
      "body": "{\"channel\": \"#<channel-name>\", \"link_names\": \"1\", \"username\": \"Kibana Watcher\", \"text\": \"Error\"}"
    }
  }
}
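The action above is only one part of a watch; a working advanced watch also needs a trigger, an input and a condition. The following Python script is an added example, not code from the original post or from Elastic: it builds a complete watch that searches an index for error-level log lines every five minutes, fires the Slack webhook only when something matched, and templates the hit count into the message. The index pattern `app-logs-*`, the field `log.level`, the channel `#alerts` and the webhook path are constructed placeholders; the hit-count path `ctx.payload.hits.total` follows the form used in Elastic's Watcher condition examples, and the `_watcher/watch/<id>` endpoint is the 7.x+ API path. Building the Slack payload with `json.dumps` produces the escaped `body` string correctly instead of escaping it by hand.

```python
"""Build and sanity-check a complete Elasticsearch Watcher advanced watch that posts to Slack.

Added example, not code from the original post. Index name, field name, channel and
webhook path are constructed placeholders.
"""
import json
from typing import Any

# Placeholder values (constructed). The real path is the secret part of the
# incoming-webhook URL Slack issues; anyone holding it can post as the bot,
# so keep it out of version control and out of shared watch exports.
SLACK_PATH = "/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"
SLACK_CHANNEL = "#alerts"


def slack_body(channel: str, text: str, username: str = "Kibana Watcher") -> str:
    """Serialize the Slack payload to the string Watcher embeds in the action "body".

    Watcher expects "body" to be a string, so the inner JSON must be escaped.
    json.dumps does the escaping, which avoids the hand-written mistakes that leave
    the outer watch JSON unparseable. Mustache placeholders such as
    {{ctx.payload.hits.total}} pass through unchanged and are rendered by Watcher.
    """
    payload = {"channel": channel, "link_names": 1, "username": username, "text": text}
    return json.dumps(payload)


def build_watch(index: str, channel: str, path: str, interval: str = "5m") -> dict[str, Any]:
    """Return a full advanced watch: schedule, search input, condition and Slack action."""
    return {
        "trigger": {"schedule": {"interval": interval}},
        "input": {
            "search": {
                "request": {
                    "indices": [index],
                    "body": {
                        "size": 0,  # only the hit count is needed, not the documents
                        "query": {
                            "bool": {
                                "filter": [
                                    {"term": {"log.level": "error"}},  # assumed field name
                                    {"range": {"@timestamp": {"gte": "now-" + interval}}},
                                ]
                            }
                        },
                    },
                }
            }
        },
        # Run the action only when the search matched at least one document.
        "condition": {"compare": {"ctx.payload.hits.total": {"gt": 0}}},
        "actions": {
            "NotifySlack": {
                # Suppress repeat notifications for 15 minutes so a burst of errors
                # does not flood the channel.
                "throttle_period": "15m",
                "webhook": {
                    "scheme": "https",
                    "host": "hooks.slack.com",
                    "port": 443,
                    "method": "post",
                    "path": path,
                    "headers": {"Content-Type": "application/json"},
                    "body": slack_body(
                        channel,
                        "{{ctx.payload.hits.total}} error log lines in "
                        + index + " during the last " + interval,
                    ),
                },
            }
        },
    }


def check_watch(watch: dict[str, Any]) -> dict[str, Any]:
    """Sanity-check a watch before storing it.

    Verifies the required top-level keys, that the webhook targets Slack over HTTPS,
    and that the embedded Slack body is itself valid JSON. Returns the parsed Slack
    payload so callers can inspect it.
    """
    for key in ("trigger", "input", "condition", "actions"):
        if key not in watch:
            raise ValueError(f"watch is missing '{key}'")
    webhook = watch["actions"]["NotifySlack"]["webhook"]
    if webhook["scheme"] != "https" or webhook["host"] != "hooks.slack.com":
        raise ValueError("Slack webhook must go to https://hooks.slack.com")
    return json.loads(webhook["body"])  # raises ValueError if the body is not valid JSON


def put_watch_request(watch_id: str, watch: dict[str, Any]) -> tuple[str, str, str]:
    """Return (method, path, body) of the REST call that stores the watch.

    Equivalent to pasting the JSON into Kibana's 'Create advanced watch' form.
    """
    return ("PUT", f"/_watcher/watch/{watch_id}", json.dumps(watch, indent=2))


if __name__ == "__main__":
    watch = build_watch("app-logs-*", SLACK_CHANNEL, SLACK_PATH)
    print(check_watch(watch))
    print(put_watch_request("slack-error-alert", watch)[2])
```

Run the script to print the watch JSON, then paste it into the advanced-watch editor or send it with the PUT request that `put_watch_request` describes. Keep the real webhook path out of the script itself (read it from an environment variable or a secrets store) so the secret never lands in a repository alongside the watch definition.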
