diff options
Diffstat (limited to 'docs/management/watcher-ui/create-threshold-alert.asciidoc')
| -rw-r--r-- | docs/management/watcher-ui/create-threshold-alert.asciidoc | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/docs/management/watcher-ui/create-threshold-alert.asciidoc b/docs/management/watcher-ui/create-threshold-alert.asciidoc new file mode 100644 index 000000000..7abe1ea73 --- /dev/null +++ b/docs/management/watcher-ui/create-threshold-alert.asciidoc @@ -0,0 +1,78 @@ +[[watcher-create-threshold-alert]] +=== Create Threshold Alert + +You can create a threshold alert to periodically check when your data goes above or below a certain threshold within a given time interval. It's one of the most common type of alerts that you can create using Watcher. For more advanced watches, see the <<watcher-create-advanced-watch>>. + +To create a new threshold alert: + +. Select the `Create new watch` button +image:management/watcher-ui/images/create-watch-select.png["Create a Watch",link="management/watcher-ui/images/create-watch-select.png"] + +. Select `Threshold Alert` + +Next, let's look at the UI and how to use it. + +==== Inputs & Triggers + +To create a threshold alert, you need to first configure the inputs and triggers. + +. Add a `name` for the alert. +. Choose one or more indices that have a time-based field as the alert input. +. Configure a trigger interval. + +image:management/watcher-ui/images/threshold-alert/create-threshold-alert-created.png["Created Threshold Alert",link="management/watcher-ui/images/threshold-alert/create-threshold-alert-created.png"] + +Next, you will be able to specify the conditions to trigger the alert. + +==== Condition + +Here, you can configure the condition that will cause alert to trigger. The UI is interactive and selecting the various elements within the expression will display a UI to change the values. + +image:management/watcher-ui/images/threshold-alert/threshold-alert-aggType.png["Threshold Alert Agg Type",link="management/watcher-ui/images/threshold-alert/threshold-alert-aggType.png"] + +Let's look at a few examples of common alerts based on x-pack monitoring data: + +* High heap usage: +image:management/watcher-ui/images/threshold-alert/high-heap-usage.png["Threshold Alert Example High Heap Usage",link="management/watcher-ui/images/threshold-alert/high-heap-usage.png"] + +* System load: +image:management/watcher-ui/images/threshold-alert/system-load.png["Threshold Alert Example System Load",link="management/watcher-ui/images/threshold-alert/system-load.png"] + + +Here are some specifics of how the visualization works: + +* The time window that is used in the visualization is calculated by taking the duration defined in the expression and multiplying it by 5. So, if you select `FOR THE LAST 5 hours`, the visualization will show data from the last 25 hours. + +* In the chart, you will see a blue line that represents the aggregated data. There is also a red line that represents the threshold value. + +* If you use the `terms` aggregation to aggregate over a specific field, there will be multiple visualizations available and pagination controls will appear as shown below. + +** image:management/watcher-ui/images/threshold-alert/threshold-alert-groupBy-pagination.png["Threshold Alert Group By pagination",link="management/watcher-ui/images/threshold-alert/threshold-alert-groupBy-pagination.png"] + +==== Actions + +Here you can configure the various actions that will occur when the alert fires. + +Click `Add new action` to trigger a dropdown selection: + +image:management/watcher-ui/images/threshold-alert/threshold-alert-select-action.png["Threshold Alert Select Action",link="management/watcher-ui/images/threshold-alert/threshold-alert-select-action.png"] + +Selecting an action will allow you to customize settings for the respective action. + +image:management/watcher-ui/images/threshold-alert/threshold-alert-action.png["Threshold Alert Logging Action",link="management/watcher-ui/images/threshold-alert/threshold-alert-action.png"] + +All fields for an alert support using http://mustache.github.io/mustache.5.html[mustache syntax] and expose a `{{ctx}}` variable which exposes {stack-ov}/condition-script.html#accessing-watch-payload[various properties of the alert] + +The supported actions are: + +* {stack-ov}/actions-slack.html[Slack] +* {stack-ov}/actions-logging.html[Logging] +* {stack-ov}/actions-email.html[Email] + +Note that certain actions require configuration within {es}, such as +{stack-ov}/actions-email.html#configuring-email[email] and +{stack-ov}/actions-slack.html#configuring-slack[slack]. + +include::create-advanced-watch.asciidoc[] + + |