ES Query DSL
DSL: domain specific language
Kibana
The fields ES has indexed; in your case, these are the fields you added from the sample data under Kibana > Integrations.
Alerting
Rule types: built-in (stack) rules, registered by one of the Kibana apps.
You can create the following types of rules:
- custom query: query-based rule; it searches the indices and creates an alert when a document matches the query.
- threshold: if the threshold field is source.ip and its value is 10, an alert is generated for every source IP address that appears in at least 10 of the rule's search results.
- machine learning
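To make the difference between the first two rule types concrete, here is an added example (not Kibana's code) that evaluates a custom query rule and a threshold rule over a handful of constructed documents. The query body uses real Query DSL (`bool.filter` with a `term` clause), but `run_query` is a toy executor that supports only that shape; the field names `source.ip` and `event.action`, the sample IPs and timestamps, and the `alert_id` scheme are all assumptions made for the example. The alert records use the field names from the alert template noted below.

```python
"""Toy evaluator for two Kibana alerting rule types: custom query and threshold.

Added example, not Kibana's code. It mirrors the semantics in the notes:
a custom query rule fires one alert per matching document; a threshold rule
with field `source.ip` and value 10 fires one alert per source IP that appears
in at least 10 of the rule's search results.
"""
from collections import Counter
from typing import Any

# Constructed sample documents standing in for Elasticsearch search hits:
# 12 failed SSH logins from 10.0.0.5, 3 from 10.0.0.9, one success from 10.0.0.7.
SAMPLE_DOCS: list = (
    [{"@timestamp": f"2024-05-01T10:00:{i:02d}Z", "source": {"ip": "10.0.0.5"},
      "event": {"action": "ssh_login_failed"}} for i in range(12)]
    + [{"@timestamp": f"2024-05-01T10:01:{i:02d}Z", "source": {"ip": "10.0.0.9"},
        "event": {"action": "ssh_login_failed"}} for i in range(3)]
    + [{"@timestamp": "2024-05-01T10:02:00Z", "source": {"ip": "10.0.0.7"},
        "event": {"action": "ssh_login_ok"}}]
)

# Query DSL body both rules search with: a bool filter holding one term clause.
FAILED_SSH_QUERY: dict = {
    "query": {"bool": {"filter": [{"term": {"event.action": "ssh_login_failed"}}]}}
}


def get_field(doc: dict, dotted: str) -> Any:
    """Resolve a dotted field name such as 'source.ip' against a nested document."""
    value: Any = doc
    for part in dotted.split("."):
        if not isinstance(value, dict) or part not in value:
            return None
        value = value[part]
    return value


def run_query(docs: list, query: dict) -> list:
    """Toy Query DSL executor: supports only bool.filter containing term clauses."""
    filters = query["query"]["bool"]["filter"]
    return [
        doc for doc in docs
        if all(get_field(doc, field) == expected
               for clause in filters for field, expected in clause["term"].items())
    ]


def custom_query_rule(docs: list, rule_name: str, query: dict) -> list:
    """Custom query rule: one alert per document the query matches."""
    alerts = []
    for n, hit in enumerate(run_query(docs, query), start=1):
        alerts.append({
            "alert_id": f"{rule_name}#{n}",  # assumed id scheme, one per hit
            "alert_name": rule_name,
            "alert_instance_id": str(get_field(hit, "source.ip")),
            "context_title": f"{rule_name}: document matched",
            "context_value": 1,
            "context_message": (f"{get_field(hit, 'event.action')} from "
                                f"{get_field(hit, 'source.ip')} at {hit['@timestamp']}"),
        })
    return alerts


def threshold_rule(docs: list, rule_name: str, query: dict, field: str, value: int) -> list:
    """Threshold rule: group the query hits by `field`; alert once per group
    whose hit count is at least `value` (here field=source.ip, value=10)."""
    counts = Counter(str(get_field(hit, field)) for hit in run_query(docs, query))
    alerts = []
    for group_key, n in sorted(counts.items()):
        if n >= value:
            alerts.append({
                "alert_id": f"{rule_name}#{group_key}",  # assumed id scheme, one per group
                "alert_name": rule_name,
                "alert_instance_id": group_key,  # the grouping value identifies the alert
                "context_title": f"{rule_name}: {field} {group_key} over threshold",
                "context_value": n,
                "context_message": f"{n} hits for {field}={group_key} (threshold {value})",
            })
    return alerts


if __name__ == "__main__":
    for alert in custom_query_rule(SAMPLE_DOCS, "failed ssh login", FAILED_SSH_QUERY):
        print(alert["alert_id"], alert["context_message"])
    for alert in threshold_rule(SAMPLE_DOCS, "ssh brute force", FAILED_SSH_QUERY, "source.ip", 10):
        print(alert["alert_id"], alert["context_message"])
```

Running it shows the practical difference: the custom query rule produces 15 alerts (one per failed login), while the threshold rule produces a single alert for 10.0.0.5, because 10.0.0.9 has only 3 hits and 10.0.0.7 never matches the query in the first place.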
Create and manage rules
Rule-generated alerts
------
Timestamp:
Username:
Event ID:
Event Message:
{
"alert_id": "",
"alert_name": "",
"alert_instance_id": "",
"context_title": "",
"context_value": "",
"context_message": ""
}
Elasticsearch query rule '' is active:
- Value:
- Service:
- Error Message:
- Document ID:
- Conditions Met: over
- Timestamp:
https://github.com/elastic/kibana/blob/main/x-pack/plugins/triggers_actions_ui/README.md