Elastic Stack Alerting
Configure monitoring alerts in Kibana
Overview
Alerting in the Elastic Stack is configured in Kibana, either under Stack Management → Rules or from the Observability apps listed below. A rule combines a built-in rule type with the conditions you set; each time the rule runs and the conditions are met it creates alerts, and the actions attached to the rule send notifications through connectors (email, Slack, webhook and so on).
Common Alert Types
Log Threshold
Create alerts based on log conditions from the Logs app.
Path: Observability → Logs
Metric Threshold
Alert on metrics from the Metrics Explorer page.
Path: Observability → Metrics
Uptime Monitor
Monitor URL availability and response times.
Path: Observability → Uptime
Creating an Uptime Monitor Alert
Go to Uptime
Go to Observability → Uptime in the Kibana sidebar.
Create Rule
Click Alerts and rules → Create rule → Monitor status rule
Filter Monitors (Optional)
If you have multiple monitors, use KQL syntax to filter:
monitor.name: "my-website-monitor"
Configure Status Check
Click on the conditions to configure thresholds. Common settings:
- Alert when down for X consecutive checks
- Alert when response time exceeds threshold
- Alert on specific status codes
Configure Actions
Attach one or more actions to the rule, each backed by a built-in connector. An action is bound to an action group (for this rule type, monitor down, plus the built-in recovered group), so you can send a different message when the monitor recovers than when it goes down.
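The same rule that the UI steps above build can be created through Kibana's Rules API, which is how it should be done once there are more than a handful of monitors. The following is an added example, not code from the page or from Elastic. It assumes Kibana 8.x, an API key with alerting privileges, an existing Webhook connector whose ID is passed in, and that the rule type ID, action group ID and parameter names below are the Uptime monitor-status rule's as of 8.x; confirm them on your cluster with GET /api/alerting/rule_types before relying on them.

```python
"""Create the "Monitor status" rule from the steps above via the Kibana Rules API.

Added example, not from the page or from Elastic. Assumptions: Kibana 8.x,
an API key with alerting privileges in KIBANA_API_KEY, an existing Webhook
connector ID in WEBHOOK_CONNECTOR_ID, and the 8.x rule type / action group /
parameter names given below (check GET /api/alerting/rule_types).
"""
import json
import os
import urllib.request

RULE_TYPE_ID = "xpack.uptime.alerts.monitorStatus"             # assumption: 8.x rule type ID
DOWN_GROUP = "xpack.uptime.alerts.actionGroups.monitorStatus"  # assumption: default action group
RECOVERED_GROUP = "recovered"                                  # Kibana's fixed recovery group

# Body template handed to the Webhook connector. Kibana renders the {{...}}
# mustache variables when the action fires. Only identifier-like fields are
# used so that the rendered text is still valid JSON; free-text fields such
# as an error message could contain quotes and break the body.
WEBHOOK_BODY = json.dumps({
    "rule": "{{rule.id}}",
    "alert": "{{alert.id}}",
    "status": "{{alert.actionGroup}}",
    "flapping": "{{alert.flapping}}",
    "monitor": "{{context.monitorName}}",  # assumption: Uptime rule context variable
    "at": "{{date}}",
})


def kql_monitor_filter(monitor_name):
    """Build the KQL filter shown on the page for one monitor, refusing names
    that would break out of the quoted string and widen the match."""
    if not monitor_name or any(c in monitor_name for c in '"\\'):
        raise ValueError("monitor name must be non-empty and contain no quotes or backslashes")
    return f'monitor.name: "{monitor_name}"'


def build_monitor_status_rule(monitor_name, connector_id, down_checks=3,
                              window_minutes=5, interval="1m"):
    """Return the POST /api/alerting/rule body: alert when the monitor has been
    down for `down_checks` checks within the last `window_minutes`, and notify
    once per state change (down, then recovered), never on repeats."""
    if down_checks < 1 or window_minutes < 1:
        raise ValueError("thresholds must be positive")
    frequency = {"notify_when": "onActionGroupChange", "summary": False, "throttle": None}
    return {
        "name": f"Monitor status: {monitor_name}",
        "consumer": "uptime",
        "rule_type_id": RULE_TYPE_ID,
        "schedule": {"interval": interval},
        "tags": ["uptime", "managed-by-script"],
        "params": {
            "search": kql_monitor_filter(monitor_name),
            "numTimes": down_checks,
            "timerangeCount": window_minutes,
            "timerangeUnit": "m",
            "shouldCheckStatus": True,
            "shouldCheckAvailability": False,
        },
        "actions": [
            {"id": connector_id, "group": DOWN_GROUP,
             "params": {"body": WEBHOOK_BODY}, "frequency": frequency},
            {"id": connector_id, "group": RECOVERED_GROUP,
             "params": {"body": WEBHOOK_BODY}, "frequency": frequency},
        ],
    }


def create_rule(kibana_url, api_key, rule_body):
    """POST the rule. The kbn-xsrf header is mandatory on every Kibana write."""
    req = urllib.request.Request(
        f"{kibana_url.rstrip('/')}/api/alerting/rule",
        data=json.dumps(rule_body).encode(),
        method="POST",
        headers={
            "Authorization": f"ApiKey {api_key}",
            "kbn-xsrf": "true",
            "Content-Type": "application/json",
        },
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    body = build_monitor_status_rule("my-website-monitor", os.environ["WEBHOOK_CONNECTOR_ID"])
    created = create_rule(os.environ["KIBANA_URL"], os.environ["KIBANA_API_KEY"], body)
    print("created rule", created["id"])
```

The per-action frequency of `onActionGroupChange` is what keeps a monitor that stays down for an hour from paging every minute: the webhook fires once when the alert becomes active and once more when it moves to the recovered group. The rule name and connector ID are returned in the response; keep the ID if you intend to update or delete the rule from the same script later.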
Built-in Connectors
- Email: SMTP email notifications
- Slack: channel or DM alerts
- PagerDuty: incident management
- Microsoft Teams: Teams channel webhooks
- Webhook: custom HTTP endpoints
- ServiceNow: incident creation
Alert Statuses
| Status | Description |
|---|---|
| Active | Conditions are met, actions will trigger per notification settings |
| Recovered | Conditions no longer met, recovery actions generated |
| Untracked | No longer tracked and no actions generated (rule disabled or deleted, or alert marked as untracked) |
| Flapping | Rapidly switching between active and recovered; Kibana suppresses notifications while an alert is flapping |
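The receiving side of a Webhook connector has to interpret these statuses correctly or it will page twice for one outage and never close the incident on recovery. The following is an added example, not code from the page or from Elastic: a small receiver that authenticates the connector with a shared-secret header, opens an incident on the first active notification, de-duplicates repeats, drops anything still marked as flapping, and resolves on the recovered group. It assumes the connector is configured with a custom header `X-Webhook-Token` and a JSON body template carrying `{{alert.id}}`, `{{alert.actionGroup}}`, `{{alert.flapping}}` and `{{rule.id}}` under the field names used below, which are this example's own choice.

```python
"""Webhook connector receiver that acts on the Kibana alert lifecycle.

Added example, not from the page or from Elastic. Assumptions: the connector
sends a custom X-Webhook-Token header holding a shared secret, and a JSON
body of the form {"rule": "{{rule.id}}", "alert": "{{alert.id}}",
"status": "{{alert.actionGroup}}", "flapping": "{{alert.flapping}}"}.
Kibana already suppresses actions for flapping alerts; the flapping check
here is defence in depth for connectors without that protection.
"""
import hmac
import json
import os
from http.server import BaseHTTPRequestHandler, HTTPServer

RECOVERED_GROUP = "recovered"   # Kibana's fixed recovery action group ID


def decide(notification, open_alerts):
    """Map one notification to an operator-facing decision.

    open_alerts: dict of alert ID -> rule ID for alerts currently paged,
    updated in place. Returns "page", "resolve", "ignore-flapping",
    "ignore-duplicate" or "ignore-unknown".
    """
    alert_id = notification["alert"]
    if notification["status"] == RECOVERED_GROUP:
        # A recovery for an alert we never paged on has nothing to close.
        return "resolve" if open_alerts.pop(alert_id, None) is not None else "ignore-unknown"
    # Any non-recovered group is an active alert. Mustache renders the
    # boolean alert.flapping as the string "true"/"false".
    if str(notification.get("flapping", "false")).lower() == "true":
        return "ignore-flapping"
    if alert_id in open_alerts:
        return "ignore-duplicate"
    open_alerts[alert_id] = notification["rule"]
    return "page"


def authorised(headers, expected_token):
    """Constant-time comparison of the shared-secret header."""
    presented = headers.get("X-Webhook-Token", "")
    return hmac.compare_digest(presented.encode(), expected_token.encode())


class AlertHandler(BaseHTTPRequestHandler):
    open_alerts = {}  # shared across requests; use a real store in production
    token = os.environ.get("WEBHOOK_TOKEN", "")

    def do_POST(self):
        # Refuse everything if no secret is configured rather than accept all.
        if not self.token or not authorised(self.headers, self.token):
            self.send_response(401)
            self.end_headers()
            return
        length = int(self.headers.get("Content-Length", 0))
        try:
            notification = json.loads(self.rfile.read(length))
            decision = decide(notification, self.open_alerts)
        except (ValueError, KeyError):
            self.send_response(400)
            self.end_headers()
            return
        self.log_message("alert %s rule %s -> %s",
                         notification["alert"], notification.get("rule"), decision)
        self.send_response(204)
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), AlertHandler).serve_forever()
```

Run it behind TLS (the Webhook connector will happily post the secret over plain HTTP otherwise) and put the same token into the connector's custom headers. Untracked alerts never produce a notification, so an incident opened by this receiver for an alert that is later untracked, for example because the rule was disabled, has to be closed by hand; that is the practical cost of the Untracked row in the table above.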
Managing Alerts
- View alerts: Stack Management → Rules (per rule) or Stack Management → Alerts (across rules)
- Mute alert: Open action menu (…) → Mute. Suppresses actions for that one alert until you unmute it; the rule keeps running and the alert stays tracked
- Untrack alert: Open action menu (…) → Mark as untracked. Stops tracking and stops actions for that alert; it cannot be re-tracked, but a new alert is created if the condition is met again
- Snooze rule: Suppresses notifications for every alert of the rule for a chosen period while the rule keeps running. Prefer this over disabling the rule during maintenance, because disabling untracks its alerts
- Filter alerts: Use KQL in the Alerts page to search for specific alerts