Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[7.x] [Alerting][Docs] Changed alerting documentation to point to a single source of explaining the configurations. (#92942) #93166

Merged
merged 1 commit into from
Mar 2, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions docs/settings/alert-action-settings.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,8 @@ You can configure the following settings in the `kibana.yml` file.

[cols="2*<"]
|===
| `xpack.actions.enabled`
| Feature toggle that enables Actions in {kib}. Defaults to `true`.

| `xpack.actions.allowedHosts` {ess-icon}
| A list of hostnames that {kib} is allowed to connect to when built-in actions are triggered. It defaults to `[*]`, allowing any host, but keep in mind the potential for SSRF attacks when hosts are not explicitly added to the allowed hosts. An empty list `[]` can be used to block built-in actions from making any external connections. +
Expand All @@ -51,6 +53,24 @@ You can configure the following settings in the `kibana.yml` file.
+
Disabled action types will not appear as an option when creating new connectors, but existing connectors and actions of that type will remain in {kib} and will not function.

| `xpack.actions.preconfigured`
| Specifies preconfigured action IDs and configs. Defaults to {}.

| `xpack.actions.proxyUrl` {ess-icon}
| Specifies the proxy URL to use, if using a proxy for actions. By default, no proxy is used.

| `xpack.actions.proxyHeaders` {ess-icon}
| Specifies HTTP headers for the proxy, if using a proxy for actions. Defaults to {}.

a|`xpack.actions.`
`proxyRejectUnauthorizedCertificates` {ess-icon}
| Set to `false` to bypass certificate validation for the proxy, if using a proxy for actions. Defaults to `true`.

| `xpack.actions.rejectUnauthorized` {ess-icon}
| Set to `false` to bypass certificate validation for actions. Defaults to `true`. +
+
As an alternative to setting both `xpack.actions.proxyRejectUnauthorizedCertificates` and `xpack.actions.rejectUnauthorized`, you can point the OS level environment variable `NODE_EXTRA_CA_CERTS` to a file that contains the root CAs needed to trust certificates.

|===

[float]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ This example shows a preconfigured action type with one out-of-the box connector
name: 'Server log #xyz'
```

<1> `enabledActionTypes` excludes the preconfigured action type to prevent creating and deleting connectors.
<1> `enabledActionTypes` prevents the preconfigured action type from creating and deleting connectors. For more details, check <<action-settings, Action settings>>.
<2> `preconfigured` is the setting for defining the list of available connectors for the preconfigured action type.

[[managing-pre-configured-action-types]]
Expand Down
2 changes: 1 addition & 1 deletion docs/user/alerting/alerting-getting-started.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,7 @@ Pre-packaged *alert types* simplify setup, hide the details complex domain-speci

If you are using an *on-premises* Elastic Stack deployment:

* In the kibana.yml configuration file, add the <<alert-action-settings-kb,`xpack.encryptedSavedObjects.encryptionKey`>> setting.
* In the kibana.yml configuration file, add the <<general-alert-action-settings,`xpack.encryptedSavedObjects.encryptionKey`>> setting.
* For emails to have a footer with a link back to {kib}, set the <<server-publicBaseUrl, `server.publicBaseUrl`>> configuration setting.

If you are using an *on-premises* Elastic Stack deployment with <<using-kibana-with-security, *security*>>:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,17 @@
[[alerting-production-considerations]]
== Production considerations

{kib} alerting run both alert checks and actions as persistent background tasks managed by the Kibana Task Manager. This has two major benefits:
{kib} alerting runs both alert checks and actions as persistent background tasks managed by the Kibana Task Manager. This has two major benefits:

* *Persistence*: all task state and scheduling is stored in {es}, so if {kib} is restarted, alerts and actions will pick up where they left off. Task definitions for alerts and actions are stored in the index specified by `xpack.task_manager.index` (defaults to `.kibana_task_manager`). It is important to have at least 1 replica of this index for production deployments, since if you lose this index all scheduled alerts and actions are also lost.
* *Persistence*: all task state and scheduling is stored in {es}, so if you restart {kib}, alerts and actions will pick up where they left off. Task definitions for alerts and actions are stored in the index specified by <<task-manager-settings, `xpack.task_manager.index`>>. The default is `.kibana_task_manager`. You must have at least one replica of this index for production deployments. If you lose this index, all scheduled alerts and actions are lost.
* *Scaling*: multiple {kib} instances can read from and update the same task queue in {es}, allowing the alerting and action load to be distributed across instances. In cases where a {kib} instance no longer has capacity to run alert checks or actions, capacity can be increased by adding additional {kib} instances.

[float]
=== Running background alert checks and actions

{kib} background tasks are managed by:

* Polling an {es} task index for overdue tasks at 3 second intervals. This interval can be changed using the `xpack.task_manager.poll_interval` setting.
* Polling an {es} task index for overdue tasks at 3 second intervals. You can change this interval using the <<task-manager-settings, `xpack.task_manager.poll_interval`>> setting.
* Tasks are then claiming them by updating them in the {es} index, using optimistic concurrency control to prevent conflicts. Each {kib} instance can run a maximum of 10 concurrent tasks, so a maximum of 10 tasks are claimed each interval.
* Tasks are run on the {kib} server.
* In the case of alerts which are recurring background checks, upon completion the task is scheduled again according to the <<defining-alerts-general-details, check interval>>.
Expand All @@ -32,4 +32,4 @@ For details on the settings that can influence the performance and throughput of
[float]
=== Deployment considerations

{es} and {kib} instances use the system clock to determine the current time. To ensure schedules are triggered when expected, you should synchronize the clocks of all nodes in the cluster using a time service such as http://www.ntp.org/[Network Time Protocol].
{es} and {kib} instances use the system clock to determine the current time. To ensure schedules are triggered when expected, you should synchronize the clocks of all nodes in the cluster using a time service such as http://www.ntp.org/[Network Time Protocol].
22 changes: 1 addition & 21 deletions docs/user/alerting/defining-alerts.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -101,29 +101,9 @@ image::images/alert-flyout-add-action.png[You can add multiple actions on an ale

[NOTE]
==============================================
Actions are not required on alerts. In some cases you may want to run an alert without actions first to understand its behavior, and configure actions later.
Actions are not required on alerts. You can run an alert without actions to understand its behavior, and then <<action-settings, configure actions>> later.
==============================================

[float]
[[actions-configuration]]
=== Global actions configuration
Some actions configuration options apply to all actions.
If you are using an *on-prem* Elastic Stack deployment, you can set these in the kibana.yml file.
If you are using a cloud deployment, you can set these via the console.

Here's a list of the available global configuration options and an explanation of what each one does:

* `xpack.actions.enabled`: Feature toggle that enables Actions in {kib}. Default: `true`
* `xpack.actions.allowedHosts`: Specifies an array of host names which actions such as email, Slack, PagerDuty, and webhook can connect to. An element of * indicates any host can be connected to. An empty array indicates no hosts can be connected to. Default: [ {asterisk} ]
* `xpack.actions.enabledActionTypes`: Specifies an array of action types that are enabled. An {asterisk} indicates all action types registered are enabled. The action types that {kib} provides are `.email`, `.index`, `.jira`, `.pagerduty`, `.resilient`, `.server-log`, `.servicenow`, `.servicenow-sir`, `.slack`, `.teams`, and `.webhook`. Default: [ {asterisk} ]
* `xpack.actions.preconfigured`: Specifies preconfigured action IDs and configs. Default: {}
* `xpack.actions.proxyUrl`: Specifies the proxy URL to use, if using a proxy for actions.
* `xpack.actions.proxyHeader`: Specifies HTTP headers for proxy, if using a proxy for actions.
* `xpack.actions.proxyRejectUnauthorizedCertificates`: Set to `false` to bypass certificate validation for proxy, if using a proxy for actions.
* `xpack.actions.rejectUnauthorized`: Set to `false` to bypass certificate validation for actions.

*NOTE:* As an alternative to both `xpack.actions.proxyRejectUnauthorizedCertificates` and `xpack.actions.rejectUnauthorized`, the OS level environment variable `NODE_EXTRA_CA_CERTS` can be set to point to a file that contains the root CA(s) needed for certificates to be trusted.

[float]
=== Managing alerts

Expand Down
2 changes: 1 addition & 1 deletion x-pack/plugins/triggers_actions_ui/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -1149,7 +1149,7 @@ triggersActionsUi.actionTypeRegistry.register(getSomeNewActionType());

## Create and register new action type UI

Before starting the UI implementation, the [server side registration](https://github.com/elastic/kibana/tree/master/x-pack/plugins/actions#kibana-actions-configuration) should be done first.
Before starting the UI implementation, the [server side registration](https://github.com/elastic/kibana/tree/master/x-pack/plugins/actions#action-types) should be done first.

Action type UI is expected to be defined as `ActionTypeModel` object.

Expand Down