Version: 7.x-40.0.0

Getting started with Signals Alerting for Elasticsearch

Since v40, Signals Alerting for Elasticsearch is distributed as part of Search Guard. To use Signals, you only need to install the Search Guard plugin for Elasticsearch and, optionally, for Kibana, in version 40 or above.

At the time of writing, Signals is available for Elasticsearch 7.4.0 and above.

Signals is enabled by default, so after the cluster is up you can either use the REST API or the Signals Kibana app to create your first watch.

If you need to disable it, add the following setting to your elasticsearch.yml:

signals.enabled: false

Users and permissions

Signals integrates with the Search Guard role-based access control features, so you can define which Search Guard roles are permitted to use Signals. Signals ships with pre-defined alerting action groups that can be assigned to any Search Guard role.

A role with full access to all Signals features looks like:

sg_signals_manager:
  cluster_permissions:
    - SGS_SIGNALS_ACCOUNT_MANAGE
    - SGS_CLUSTER_COMPOSITE
  index_permissions:
    ...
  tenant_permissions:
    - tenant_patterns:
        - 'SGS_GLOBAL_TENANT'
      allowed_actions:
        - 'SGS_SIGNALS_ALL'

Note that Signals is fully compatible with Search Guard multi-tenancy, which means watches and watch execution can be separated by tenants.

Sample watches

To start quickly with Signals, we have prepared sample watches that can be installed either through the REST API or through the Kibana plugin.

The examples are based on the Kibana sample data, so you need to import it first.

First steps

To get up to speed with Signals quickly, we recommend following our Signals Alerting: First Steps blog post. We will release a series of articles describing all Signals features in detail.

Community support

If you have any questions, please refer to our Signals Community forum.
