- Kibana Guide: other versions:
- What is Kibana?
- What’s new in 8.3
- Kibana concepts
- Quick start
- Set up
- Install Kibana
- Configure Kibana
- Alerting and action settings
- APM settings
- Banners settings
- Enterprise Search settings
- Fleet settings
- i18n settings
- Logging settings
- Logs settings
- Metrics settings
- Monitoring settings
- Reporting settings
- Search sessions settings
- Secure settings
- Security settings
- Spaces settings
- Task Manager settings
- Telemetry settings
- URL drilldown settings
- Start and stop Kibana
- Access Kibana
- Securing access to Kibana
- Add data
- Upgrade Kibana
- Configure security
- Configure reporting
- Configure logging
- Configure monitoring
- Command line tools
- Production considerations
- Discover
- Dashboard and visualizations
- Canvas
- Maps
- Build a map to compare metrics by country or region
- Track, visualize, and alert on assets in real time
- Map custom regions with reverse geocoding
- Heat map layer
- Tile layer
- Vector layer
- Plot big data
- Search geographic data
- Configure map settings
- Connect to Elastic Maps Service
- Import geospatial data
- Troubleshoot
- Reporting and sharing
- Machine learning
- Graph
- Alerting
- Observability
- APM
- Security
- Dev Tools
- Fleet
- Osquery
- Stack Monitoring
- Stack Management
- REST API
- Get features API
- Kibana spaces APIs
- Kibana role management APIs
- User session management APIs
- Saved objects APIs
- Data views API
- Index patterns APIs
- Alerting APIs
- Action and connector APIs
- Cases APIs
- Import and export dashboard APIs
- Logstash configuration management APIs
- Machine learning APIs
- Short URLs APIs
- Get Task Manager health
- Upgrade assistant APIs
- Kibana plugins
- Troubleshooting
- Accessibility
- Release notes
- Developer guide
Rule types
editRule types
editA rule is a set of conditions, schedules, and actions that enable notifications. Kibana provides rules built into the Elastic Stack and rules registered by one of the Kibana apps. You can create most rules types in Stack Management > Rules and Connectors. For information on creating security rules, refer to Create a detection rule.
Some rule types are subscription features, while others are free features. For a comparison of the Elastic subscription levels, see the subscription page.
Stack rules
editStack rules are built into Kibana. To access the Stack Rules feature and create and edit rules, users require the all
privilege. See feature privileges for more information.
Run a user-configured Elasticsearch query, compare the number of matches to a configured threshold, and schedule actions to run when the threshold condition is met. |
|
Aggregate field values from documents using Elasticsearch queries, compare them to threshold values, and schedule actions to run when the thresholds are met. |
|
[beta] This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. Run scheduled checks on a continuous transform to check its health. If a continuous transform meets the conditions, an alert is created and the associated action is triggered. |
|
Run an Elasticsearch query to determine if any documents are currently contained in any boundaries from a specified boundary index and generate alerts when a rule’s conditions are met. |
Observability rules
editObservability rules are categorized into APM and User Experience, Logs, Metrics, Stack Monitoring, and Uptime.
If you create a rule in the Observability app, its alerts are not visible in Stack Management > Rules and Connectors. They are visible only in the Observability app.
Detect complex conditions in APM data and trigger built-in actions when the conditions are met. |
|
Detect complex conditions in the Logs app. |
|
Detect complex conditions in the Metrics app. |
|
Provide Kibana Alerting rules out-of-the box to notify you of potential issues in the Elastic Stack. |
|
Detect complex conditions in the Uptime app. |
Machine learning rules
edit[beta] This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. Machine learning rules run scheduled checks on an anomaly detection job to detect anomalies with certain conditions. If an anomaly meets the conditions, an alert is created and the associated action is triggered.
Security rules
editSecurity rules detect suspicious source events with pre-built or custom rules and create alerts when a rule’s conditions are met. For more information, refer to Security rules.
Alerts associated with security rules are visible only in the Elastic Security app; they are not visible in Stack Management > Rules and Connectors.