With the ilert Elastic Watcher (formerly X-Pack Alerting) integration, you can create alerts in ilert based on Watcher alerts.
Elastic Watcher is a set of administrative features that enable you to watch for changes or anomalies in your data and perform the necessary actions in response.
- Go to Alert sources -> Alert sources and click Create new alert source.
- Search for Elastic Watcher in the search field, click the Elastic Watcher tile, and click Next.
- Give your alert source a name, optionally assign teams, and click Next.
- Select an escalation policy, either by creating a new one or by assigning an existing one.
- Select your alert grouping preference and click Continue setup. You may click Do not group alerts for now and change it later.
- The next page shows additional settings, such as custom alert templates or notification priority. Click Finish setup for now.
- On the final page, an API key and/or webhook URL is generated. You will need it later in this guide.
- Go to Stack Management and then to Alerts and Insights -> Watcher, then click the Create button and the Create advanced watch button.
- On the next page, name the watch (e.g. ilert), define your conditions, and add a webhook action that posts to the webhook URL you generated in ilert, as follows:
{
  ...
  [CONFIGURATIONS OF YOUR ELASTIC WATCHER ALERT]
  ...
  "actions" : {
    "ilert" : {
      "webhook" : {
        "scheme" : "https",
        "method" : "POST",
        "host" : "api.ilert.com",
        "port" : 443,
        "path" : "/api/v1/events/eswatcher/[YOUR API KEY]",
        "headers" : {
          "Content-Type" : "application/json"
        },
        "params": {},
        "body" : "{{#toJson}}ctx{{/toJson}}"
      }
    }
  }
}
- Finished! Elastic Watcher will now create an alert in ilert each time the watch's condition is met.
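The steps above create the watch through the Kibana UI. As an added example that is not part of the ilert guide and not ilert's or Elastic's own code, the following Python script creates the same watch through the Watcher REST API, so the definition can be kept in version control and recreated, and then dry-runs it once. It assumes Elasticsearch is reachable at ES_URL with basic-auth credentials in ES_USER/ES_PASSWORD, that the ilert API key is in ILERT_KEY, and a constructed index pattern app-logs-* with a log.level keyword field; the webhook action itself is the one from the guide. Two things to keep in mind: the API key sits in the action path, so anyone who can read the watch (the Watcher UI, GET _watcher/watch/<id>, or the .watches system index) can create alerts in your ilert account; and the body {{#toJson}}ctx{{/toJson}} sends the whole watch context, including ctx.payload with whatever the search input returned, to ilert, so keep size at 0 or add a transform if the matched documents contain data that should not leave the cluster.

```python
"""Create the ilert webhook watch through the Elasticsearch Watcher API instead of
the Kibana UI. Added example, not ilert's or Elastic's own code.

Assumptions (not from the ilert guide): Elasticsearch is reachable at $ES_URL with
basic-auth credentials $ES_USER/$ES_PASSWORD, the ilert API key is in $ILERT_KEY, and
the index pattern "app-logs-*" with a "log.level" keyword field is constructed sample
input. The webhook action matches the guide's configuration.
"""
import base64
import json
import os
import urllib.request

ILERT_HOST = "api.ilert.com"
ILERT_PATH_PREFIX = "/api/v1/events/eswatcher/"   # endpoint path from the ilert guide


def build_watch(ilert_key: str, index: str = "app-logs-*", threshold: int = 0) -> dict:
    """Return a complete watch: poll every 5 minutes, count recent error documents,
    and post the watch context to ilert when the count exceeds `threshold`."""
    if not ilert_key or "[" in ilert_key:
        # Catch an unset variable or a leftover "[YOUR API KEY]" placeholder before
        # the watch is stored; Watcher would accept the string and the action would
        # only fail at runtime.
        raise ValueError("ilert API key is missing or still a placeholder")
    return {
        "trigger": {"schedule": {"interval": "5m"}},
        "input": {
            "search": {
                "request": {
                    "indices": [index],
                    "body": {
                        "size": 0,   # only the hit count is needed; no documents leave the cluster
                        "query": {
                            "bool": {
                                "filter": [
                                    {"term": {"log.level": "error"}},
                                    {"range": {"@timestamp": {"gte": "now-5m"}}},
                                ]
                            }
                        },
                    },
                }
            }
        },
        "condition": {"compare": {"ctx.payload.hits.total": {"gt": threshold}}},
        "actions": {
            "ilert": {
                "webhook": {
                    "scheme": "https",       # keep TLS: the path carries the API key
                    "method": "POST",
                    "host": ILERT_HOST,
                    "port": 443,
                    "path": ILERT_PATH_PREFIX + ilert_key,
                    "headers": {"Content-Type": "application/json"},
                    "params": {},
                    "body": "{{#toJson}}ctx{{/toJson}}",
                }
            }
        },
    }


def es_request(method: str, path: str, body=None) -> dict:
    """Minimal authenticated call to the Elasticsearch REST API (standard library only)."""
    creds = f"{os.environ['ES_USER']}:{os.environ['ES_PASSWORD']}".encode()
    req = urllib.request.Request(
        os.environ["ES_URL"].rstrip("/") + path,
        data=json.dumps(body).encode() if body is not None else None,
        method=method,
        headers={
            "Authorization": "Basic " + base64.b64encode(creds).decode(),
            "Content-Type": "application/json",
        },
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def install_watch(watch_id: str = "ilert") -> dict:
    """Store the watch, then execute it once with the condition forced to true so the
    webhook fires immediately (this creates a real test alert in ilert);
    record_execution=False keeps the dry run out of the watch history."""
    es_request("PUT", f"/_watcher/watch/{watch_id}", build_watch(os.environ["ILERT_KEY"]))
    return es_request(
        "POST",
        f"/_watcher/watch/{watch_id}/_execute",
        {"ignore_condition": True, "record_execution": False},
    )


if __name__ == "__main__":
    record = install_watch()
    # Each action's status should read "success"; "failure" means the call to ilert was rejected.
    print(json.dumps(record["watch_record"]["result"]["actions"], indent=2))
```

Run it once after completing the ilert side of the setup; if the printed action status is "success", a test alert appears in the ilert alert source you created, which confirms the key and path before the watch starts running on its schedule.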
Will alerts in ilert be resolved automatically?
No. Elastic Watcher's notification is not compatible with ilert's resolve event, so alerts created by this integration are not resolved automatically.
Can I connect Elastic Watcher with multiple alert sources from ilert?
Yes. Create an additional watch in Elastic Watcher for each ilert alert source, each posting to that alert source's own webhook URL.