From a967959e0ffe7811756682e7155a37fc9a1325e7 Mon Sep 17 00:00:00 2001 From: Yuliia Naumenko Date: Tue, 2 Mar 2021 15:16:12 -0800 Subject: [PATCH] [Alerting][Docs] Changed alerting documentation to point to a single source of explaining the configurations. (#92942) (#93166) * [Alerting][Docs] Changed alerting documentation to poin to a single source of explaining the configurations. * fixed due to comments * fixed due to comments * Apply suggestions from code review Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> * fixed due to comments Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> --- docs/settings/alert-action-settings.asciidoc | 20 +++++++++++++++++ .../pre-configured-connectors.asciidoc | 2 +- .../alerting-getting-started.asciidoc | 2 +- ...lerting-production-considerations.asciidoc | 8 +++---- docs/user/alerting/defining-alerts.asciidoc | 22 +------------------ x-pack/plugins/triggers_actions_ui/README.md | 2 +- 6 files changed, 28 insertions(+), 28 deletions(-) diff --git a/docs/settings/alert-action-settings.asciidoc b/docs/settings/alert-action-settings.asciidoc index d6f5fb1baba8e..6813a77776b5b 100644 --- a/docs/settings/alert-action-settings.asciidoc +++ b/docs/settings/alert-action-settings.asciidoc @@ -40,6 +40,8 @@ You can configure the following settings in the `kibana.yml` file. [cols="2*<"] |=== +| `xpack.actions.enabled` + | Feature toggle that enables Actions in {kib}. Defaults to `true`. | `xpack.actions.allowedHosts` {ess-icon} | A list of hostnames that {kib} is allowed to connect to when built-in actions are triggered. It defaults to `[*]`, allowing any host, but keep in mind the potential for SSRF attacks when hosts are not explicitly added to the allowed hosts. An empty list `[]` can be used to block built-in actions from making any external connections. + @@ -51,6 +53,24 @@ You can configure the following settings in the `kibana.yml` file. + Disabled action types will not appear as an option when creating new connectors, but existing connectors and actions of that type will remain in {kib} and will not function. +| `xpack.actions.preconfigured` + | Specifies preconfigured action IDs and configs. Defaults to {}. + +| `xpack.actions.proxyUrl` {ess-icon} + | Specifies the proxy URL to use, if using a proxy for actions. By default, no proxy is used. + +| `xpack.actions.proxyHeaders` {ess-icon} + | Specifies HTTP headers for the proxy, if using a proxy for actions. Defaults to {}. + +a|`xpack.actions.` +`proxyRejectUnauthorizedCertificates` {ess-icon} + | Set to `false` to bypass certificate validation for the proxy, if using a proxy for actions. Defaults to `true`. + +| `xpack.actions.rejectUnauthorized` {ess-icon} + | Set to `false` to bypass certificate validation for actions. Defaults to `true`. + + + + As an alternative to setting both `xpack.actions.proxyRejectUnauthorizedCertificates` and `xpack.actions.rejectUnauthorized`, you can point the OS level environment variable `NODE_EXTRA_CA_CERTS` to a file that contains the root CAs needed to trust certificates. + |=== [float] diff --git a/docs/user/alerting/action-types/pre-configured-connectors.asciidoc b/docs/user/alerting/action-types/pre-configured-connectors.asciidoc index 722607ac05f87..a748a06398ef3 100644 --- a/docs/user/alerting/action-types/pre-configured-connectors.asciidoc +++ b/docs/user/alerting/action-types/pre-configured-connectors.asciidoc @@ -95,7 +95,7 @@ This example shows a preconfigured action type with one out-of-the box connector name: 'Server log #xyz' ``` -<1> `enabledActionTypes` excludes the preconfigured action type to prevent creating and deleting connectors. +<1> `enabledActionTypes` prevents the preconfigured action type from creating and deleting connectors. For more details, check <>. <2> `preconfigured` is the setting for defining the list of available connectors for the preconfigured action type. [[managing-pre-configured-action-types]] diff --git a/docs/user/alerting/alerting-getting-started.asciidoc b/docs/user/alerting/alerting-getting-started.asciidoc index 592243ad01b11..0b8de94b858a3 100644 --- a/docs/user/alerting/alerting-getting-started.asciidoc +++ b/docs/user/alerting/alerting-getting-started.asciidoc @@ -157,7 +157,7 @@ Pre-packaged *alert types* simplify setup, hide the details complex domain-speci If you are using an *on-premises* Elastic Stack deployment: -* In the kibana.yml configuration file, add the <> setting. +* In the kibana.yml configuration file, add the <> setting. * For emails to have a footer with a link back to {kib}, set the <> configuration setting. If you are using an *on-premises* Elastic Stack deployment with <>: diff --git a/docs/user/alerting/alerting-production-considerations.asciidoc b/docs/user/alerting/alerting-production-considerations.asciidoc index 0442b760669cc..58b4a263459b3 100644 --- a/docs/user/alerting/alerting-production-considerations.asciidoc +++ b/docs/user/alerting/alerting-production-considerations.asciidoc @@ -2,9 +2,9 @@ [[alerting-production-considerations]] == Production considerations -{kib} alerting run both alert checks and actions as persistent background tasks managed by the Kibana Task Manager. This has two major benefits: +{kib} alerting runs both alert checks and actions as persistent background tasks managed by the Kibana Task Manager. This has two major benefits: -* *Persistence*: all task state and scheduling is stored in {es}, so if {kib} is restarted, alerts and actions will pick up where they left off. Task definitions for alerts and actions are stored in the index specified by `xpack.task_manager.index` (defaults to `.kibana_task_manager`). It is important to have at least 1 replica of this index for production deployments, since if you lose this index all scheduled alerts and actions are also lost. +* *Persistence*: all task state and scheduling is stored in {es}, so if you restart {kib}, alerts and actions will pick up where they left off. Task definitions for alerts and actions are stored in the index specified by <>. The default is `.kibana_task_manager`. You must have at least one replica of this index for production deployments. If you lose this index, all scheduled alerts and actions are lost. * *Scaling*: multiple {kib} instances can read from and update the same task queue in {es}, allowing the alerting and action load to be distributed across instances. In cases where a {kib} instance no longer has capacity to run alert checks or actions, capacity can be increased by adding additional {kib} instances. [float] @@ -12,7 +12,7 @@ {kib} background tasks are managed by: -* Polling an {es} task index for overdue tasks at 3 second intervals. This interval can be changed using the `xpack.task_manager.poll_interval` setting. +* Polling an {es} task index for overdue tasks at 3 second intervals. You can change this interval using the <> setting. * Tasks are then claiming them by updating them in the {es} index, using optimistic concurrency control to prevent conflicts. Each {kib} instance can run a maximum of 10 concurrent tasks, so a maximum of 10 tasks are claimed each interval. * Tasks are run on the {kib} server. * In the case of alerts which are recurring background checks, upon completion the task is scheduled again according to the <>. @@ -32,4 +32,4 @@ For details on the settings that can influence the performance and throughput of [float] === Deployment considerations -{es} and {kib} instances use the system clock to determine the current time. To ensure schedules are triggered when expected, you should synchronize the clocks of all nodes in the cluster using a time service such as http://www.ntp.org/[Network Time Protocol]. \ No newline at end of file +{es} and {kib} instances use the system clock to determine the current time. To ensure schedules are triggered when expected, you should synchronize the clocks of all nodes in the cluster using a time service such as http://www.ntp.org/[Network Time Protocol]. diff --git a/docs/user/alerting/defining-alerts.asciidoc b/docs/user/alerting/defining-alerts.asciidoc index 51909a4c54a9d..05eca6e07ab92 100644 --- a/docs/user/alerting/defining-alerts.asciidoc +++ b/docs/user/alerting/defining-alerts.asciidoc @@ -101,29 +101,9 @@ image::images/alert-flyout-add-action.png[You can add multiple actions on an ale [NOTE] ============================================== -Actions are not required on alerts. In some cases you may want to run an alert without actions first to understand its behavior, and configure actions later. +Actions are not required on alerts. You can run an alert without actions to understand its behavior, and then <> later. ============================================== -[float] -[[actions-configuration]] -=== Global actions configuration -Some actions configuration options apply to all actions. -If you are using an *on-prem* Elastic Stack deployment, you can set these in the kibana.yml file. -If you are using a cloud deployment, you can set these via the console. - -Here's a list of the available global configuration options and an explanation of what each one does: - -* `xpack.actions.enabled`: Feature toggle that enables Actions in {kib}. Default: `true` -* `xpack.actions.allowedHosts`: Specifies an array of host names which actions such as email, Slack, PagerDuty, and webhook can connect to. An element of * indicates any host can be connected to. An empty array indicates no hosts can be connected to. Default: [ {asterisk} ] -* `xpack.actions.enabledActionTypes`: Specifies an array of action types that are enabled. An {asterisk} indicates all action types registered are enabled. The action types that {kib} provides are `.email`, `.index`, `.jira`, `.pagerduty`, `.resilient`, `.server-log`, `.servicenow`, `.servicenow-sir`, `.slack`, `.teams`, and `.webhook`. Default: [ {asterisk} ] -* `xpack.actions.preconfigured`: Specifies preconfigured action IDs and configs. Default: {} -* `xpack.actions.proxyUrl`: Specifies the proxy URL to use, if using a proxy for actions. -* `xpack.actions.proxyHeader`: Specifies HTTP headers for proxy, if using a proxy for actions. -* `xpack.actions.proxyRejectUnauthorizedCertificates`: Set to `false` to bypass certificate validation for proxy, if using a proxy for actions. -* `xpack.actions.rejectUnauthorized`: Set to `false` to bypass certificate validation for actions. - -*NOTE:* As an alternative to both `xpack.actions.proxyRejectUnauthorizedCertificates` and `xpack.actions.rejectUnauthorized`, the OS level environment variable `NODE_EXTRA_CA_CERTS` can be set to point to a file that contains the root CA(s) needed for certificates to be trusted. - [float] === Managing alerts diff --git a/x-pack/plugins/triggers_actions_ui/README.md b/x-pack/plugins/triggers_actions_ui/README.md index 61cad0fc7fd7b..54e627d384936 100644 --- a/x-pack/plugins/triggers_actions_ui/README.md +++ b/x-pack/plugins/triggers_actions_ui/README.md @@ -1149,7 +1149,7 @@ triggersActionsUi.actionTypeRegistry.register(getSomeNewActionType()); ## Create and register new action type UI -Before starting the UI implementation, the [server side registration](https://github.com/elastic/kibana/tree/master/x-pack/plugins/actions#kibana-actions-configuration) should be done first. +Before starting the UI implementation, the [server side registration](https://github.com/elastic/kibana/tree/master/x-pack/plugins/actions#action-types) should be done first. Action type UI is expected to be defined as `ActionTypeModel` object.