Kibana Alerts

SearchBlox 9.x uses Kibana 6.6 which supports Alerting feature. One can generate alerts when searching for a specific term or when the search count exceeds a certain predefined value etc. Steps for the same has been provided in the following:

Step 1: Go to Alerts

Click Alerting Tab from the left Menu

Step 2: Create Monitor

Create Monitor by providing the name of the monitor, the frequency in which monitor has to run, whether visual graph is provided or an extraction query will be provided for monitoring and the Index (that is, the collection) for which the monitoring is being done. Collection indices that is, idx001 for collection no 1 and so on as well as SearchBlox internal indices such as querylogs can be provided as the index to be monitored. One can also add more than one index at a time.

Defining Monitor using Visual graph

Defining Monitor for extraction query
Sample extraction query

{
    "query": {
        "match": {
            "content": {
                "query": "world",
                "operator": "OR",
                "prefix_length": 0,
                "max_expansions": 50,
                "fuzzy_transpositions": true,
                "lenient": false,
                "zero_terms_query": "NONE",
                "auto_generate_synonyms_phrase_query": true,
                "boost": 1
            }
        }
    }
}

Step 3: Create Destination

Add Destination on where the alert messages has to be posted

Step 4: Create Trigger

create Trigger for the alerts

Step 5: Configure Action

Configure Action for the trigger

Step 6 : Check Monitor and Trigger

Check if the Monitor and triggers are set in Monitor page

Check the notification

Once the indexing starts if the count exceeds 10 there would be an alert triggered in slack as slack webhook has been provided in destination for alerts. Similarly, one can use other webhooks based on their preference.

Alerts configured will also get displayed in Menu-> Alerts page of Kibana