Open and manage cases

edit

This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

Open a new case

edit

Open a new case to keep track of issues and share their details with colleagues.

  1. Go to Management > Stack Management > Cases, then click Create case.
  2. Give the case a name, severity, and description.

    In the Description area, you can use Markdown syntax to create formatted text.

  3. Optionally, add assignees and tags. You can add users only if they meet the necessary prerequisites.
  4. For External incident management system, select a connector. For more information, refer to Add connectors.
  5. After you’ve completed all of the required fields, click Create case.

Add a visualization

edit

After you create a case, you can optionally add a visualization. For example, you can portray event and alert data through charts and graphs.

Cases page

To add a visualization to a comment within your case:

  1. Click the Visualization button. The Add visualization dialog appears.
  2. Select an existing visualization from your Visualize Library or create a new visualization.

    Set an absolute time range for your visualization. This ensures your visualization doesn’t change over time after you save it to your case and provides important context for viewers.

  3. After you’ve finished creating your visualization, click Save and return to go back to your case.
  4. Click Preview to see how the visualization will appear in the case comment.
  5. Click Add Comment to add the visualization to your case.

After a visualization has been added to a case, you can modify or interact with it by clicking the Open Visualization option in the comment menu.

Add email notifications

edit

You can configure email notifications that occur when users are assigned to cases.

For hosted Kibana on Elasticsearch Service:

  1. Add the email addresses to the monitoring email allowlist. Follow the steps in Send alerts by email.

    You do not need to take any more steps to configure an email connector or update Kibana user settings, since the preconfigured Elastic-Cloud-SMTP connector is used by default.

For self-managed Kibana:

  1. Create a preconfigured email connector.

    At this time, email notifications support only preconfigured connectors, which are defined in the kibana.yml file. For examples, refer to Preconfigured email connector and Configuring email connectors for well-known services.

  2. Set the notifications.connectors.default.email Kibana setting to the name of your email connector.
  3. If you want the email notifications to contain links back to the case, you must configure the server.publicBaseUrl setting.

When you subsequently add assignees to cases, they receive an email.

Manage cases

edit

In Management > Stack Management > Cases, you can search cases and filter them by attributes such as assignees, severity, status, and tags. You can also select multiple cases and use bulk actions to delete cases or change their attributes.

To view a case, click on its name. You can then:

  • Add a new comment.
  • Edit existing comments and the description.
  • Add or remove assignees.
  • Add a connector.
  • Send updates to external systems (if external connections are configured).
  • Edit tags.
  • Refresh the case to retrieve the latest updates.
  • Change the status.
  • Change the severity.
  • Close or delete the case.
  • Reopen a closed case.