Alerting

service.monitor can monitor rules managed as part of the alerting features in a Kibana instance and notify users when the rules are triggered via the known channels.

Using Kibana alerting, rules can be set to monitor specific aspects of the Elastic cluster. If such a rule is broken, Kibana triggers a corresponding alarm. This alarm can be picked up by service.monitor and leads to the corresponding notification via the specified channels.

Examples of system aspects that can be monitored by Kibana include:

  • Frozen applications

  • Peaks in CPU and RAM usage

  • Memory utilisation of an index

For the service.monitor application domain, there is also a wide range of other monitoring scenarios, e.g.:

  • Number of certain log messages is exceeded in

    • ArcGIS Server Logs

    • ct technology logs

    • ArcGIS Server Logs

  • Certain events occur in the index, e.g. on the part of FME

Details on how to set up Kibana Alerting can be found here .

The properties for configuring service.monitor alerting are described under Common configuration options.

If alerting is set up in service.monitor, the entry "All Kibana notifications" appears in the dashboard after starting the application.

dashboard en

After clicking on this link, an overview of the Kibana rules queried by service.monitor appears.

kibana rules overview en
By convention, only those Kibana rules are queried by service.monitor whose name begins with ct-. Thus, service.monitor relevant rules can be distinguished from others.

The table shows the following:

Kibana rule

Names of the rules queried by Kibana

Notification template

Selection list of known notification templates

Enabled

Indication of whether a Kibana rule is enabled. This setting can be made in Kibana and is only for information purposes here. Kibana rules that are inactive can be assigned to notification templates, but there is no notification sent in the inactive state.

Here you can assign existing notification templates to the respective Kibana rules. If a Kibana rule is triggered, the channels defined here are notified.

Notification for triggering rules that have not been assigned a template is done via the email address defined for this in the configuration.

Notifications are always sent when the status of a Kibana rule changes between two query periods. The 'ok' state serves as a defined 'good' state.

Example of a state change decision flow:

  1. Kibana rule has the state ok, no notification is sent.

  2. Kibana rule has the status active. The channels defined in the associated template are notified of the status change.

  3. Kibana rule has the state active, no notification is sent.

  4. Kibana rule has the status ok. The channels defined in the associated template are notified that the state has been restored.