VQ Conference Manager includes version 8 of Elasticsearch, and with it, the new Kibana alerting feature.
Kibana’s alerting capability provides analytics data monitoring, enabling you to take actions (like sending emails) based on defined conditions. This new feature allows you to send notifications through integrations with third-party systems.
This new feature is similar to the ‘watchers’ functionality but is easier to use and better integrated into the Kibana UI. Kibana rules, defined with pre-set types and templates, allow you to hide some of the complexity of the low-level watcher conditions that were difficult to work with.
If you are looking for more detailed information about the new alerting features, please check out the official Elastic documentation for this feature on their website.
We are here to help you understand these new features. This blog runs through an example of how to set up alerts to send an email if one of your callbridges goes into ‘offline’ status in VQCM.
Establishing the correct Elastic enterprise license
Kibana’s alerting feature requires an active Elastic enterprise license. Please see the ‘Upload ECK license’ documentation available on our customer portal for instructions to apply yours.
Please note there is also a free 30-day trial license to test with if needed, described in the ‘Trial ECK license’ documentation.
The alerting feature is accessible in the left-hand menu under Management > Stack Management > Alerts and Insights.
Some options will be greyed out if you don’t have a valid enterprise or trial license applied, thereby stopping you from using this feature fully. See the example of the connector page when the basic license is active:
Configuring connectors to send notifications
The first step is to define the connectors for the third-party systems you want to integrate with. Doing this lets you then send notifications when the desired notification conditions are met.
A variety of connector types are available, which are defined in detail in the Kibana documentation. A few examples are:
- Jira
- ServiceNow
- Microsoft Teams
- Slack
- Webhook
In this example we will configure an ‘Email’ connector by going to Management > Stack Management > Alerts and Insights > Connectors > Create connector:
You will need to enter your SMTP server details, which will depend on your environment. Depending on your setup you may also need to allow additional rules in some cases (e.g. firewall, allowed sender, etc).
To validate your settings, you can use the ‘Save & test’ option, which lets you choose a user to send a test email to:
The test will fail if anything is misconfigured – the error notification will hopefully help you troubleshoot the issue. In the example below the error is due to incorrect credentials:
Defining rules
The rules define what actions will trigger the notifications once the conditions you choose are met. There are multiple pre-built rules to choose from – see the Kibana documentation for more details.
In short, a rule is composed of the following:
- Input
- Schedule
- Conditions
- Actions
In our example, we will use the ‘Index Threshold’ rule type. This monitors if a value changes past a threshold and sends an email when reached. The Index Threshold monitors the number of online callbridges reported by VQCM and triggers the notification if the number drops below the expected value:
Our condition checks if the minimum number of call bridges drops below 2, (which is the normal number of call bridges online in the example). This check occurs every minute, checking if the value is below the threshold for the last minute.
If so, this triggers an action using the connector previously created:
The above is the default template for the message. The email template can include values representative of your data at the moment the notification was sent. In this case, it would show how many callbridges are online. You can update that message depending on the use case and include more data if necessary.
The ‘Elasticsearch Query’ rule type even lets you add specific fields from documents in your indices, like the message linked to a specific event in the example below.
There are several options to customise the behaviour further, including snoozing notifications on a given schedule:
Including document values
If you use a rule of type ‘Elasticsearch query’, you can include results from the query in the output.
Here is an example of a rule based on the ‘McuStateChange’ events raised by VQ, which will output the timestamp and message for each event captured:
This will iterate over each document (one per ‘McuStateChange’ event in this case) that matches the query and pull specific fields, like timestamp and message.
This rule also shows you can include a relevant dashboard link (‘Call Bridge Dashboard’ in this case, URL copied from the dashboard page) in the message template:
Example email received from the action linked to this rule:
Troubleshooting
Within the web page, you can also see the history of the previous executions of the rules and find more information about failures. See the Kibana documentation for more details on how to troubleshoot those issues.
If the above doesn’t help you to resolve the issue by yourself, you can email us at support@vqcomms.com.
Want to learn more about Kibana’s capabilities? Watch our demo video, where Ethan, one of VQ’s engineers, walks through basic setup.