README in other languages: 日本語

Kibana app plugin for creating alert settings of Elasticsearch Machine Leaning Job easily

This plugin is for creating alert settings of X-Pack Machine Learning easily on Kibana UI.

Requirement

No	item	required version
1	Kibana	6.0.0, 6.0.1, 6.1.0, 6.1.1, 6.1.2, 6.2.1, 6.2.2, 6.2.3, 6.2.4

How to use

You will see "ML Alert" menu in Kibana side bar. Start to click this menu.

Alert Settings

Select ML job first. Then input alertID, description and other forms.

You can set the following information

• Mail address
• Slack channel
• Dashboards to show link in the notification message
• Saved Search to show link in the notification message
• Threshold of anomaly score

Other settings are set automatically. But you can change in advanced settings.

Press Save button to save the alert.

Alert List

This view shows the list of alerts which are made through this plugin.
Bulk operation is also supported.

Installation and prerequisite settings

Plugin installation to Kibana

Get plugin files from Release page.

Go to Kibana installation directory, stop Kibana process and run the installation command.

sudo bin/kibana-plugin install file://<path to plugin>/es_ml_alert-x.x.x_y.y.y.zip

• Stop Kibana process before plugin installation! It may take more than hours to install the plugin if the Kibana process is running.
• Plugin version and Kibana version must be same.

Mail account settings(If you notify by e-mail)

Add mail account settings to elasticsearch.yml.

Configuring Email Accounts

Example

xpack.notification.email.account:
    some_mail_account:
        email_defaults:
          from: notification@example.com
        smtp:
            auth: true
            starttls.enable: true
            host: smtp.example.com
            port: 587
            user: notification@example.com
            password: passw0rd

Example of mail notification

Slack account settings(If you notify by Slack)

Add Slack account settings to elasticsearch.yml.

Configuring Slack Accounts

Example

xpack.notification.slack:
  account:
    ml_alert:
      url: https://hooks.slack.com/services/XXXXXXXXX/XXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXX
      message_defaults:
        from: elastic-ml-alert

Example of Slack notification

• Elasticsearch 6.1.1 X-Pack Watcher has a problem sending multibyte characters to slack(actually, it is the problem of webhook). Non-ASCII characters are replaced to "?". Therefore it may cause a problem if Machine Learning Job partition field or partition value has Non-ASCII characters.

LINE Notify settings(If you notify by LINE)

Get access token from LINE Notify .

You don't need to write it in elasticsearch.yml.

• Link to Dashboard, Saved Search and Single Metric Viewer are not contained in the notification message of LINE Notify.

Example of LINE Notify message

About development

This plugin is Kibana plugin.

See the kibana contributing guide for instructions setting up your development environment. Once you have completed that, use the following npm tasks.

• npm start

  Start kibana and have it include this plugin

• npm start -- --config kibana.yml

  You can pass any argument that you would normally send to bin/kibana by putting them after -- when running npm start

• npm run build

  Build a distributable archive

• npm run test:browser

  Run the browser tests in a real web browser

• npm run test:server

  Run the server tests using mocha

For more information about any of these commands run npm run ${task} -- --help.

Licence

Apache Version 2.0

Author

@serive
Twitter: @serive8