Getting started with Signals Alerting for Elasticsearch
Since v40, Signals Alerting for Elasticsearch is distributed as part of Search Guard. To use Signals, you just need to install the Search Guard plugin for Elasticsearch and (optional) Kibana version 40 and above.
Signals is available for Elasticsearch 7.4.0 and above.
Signals is enabled by default, so after the cluster is up you can either use the REST API or the Signals Kibana app to create your first watch.
If you need to disable it, add the following setting to your
Users and permissions
Signals integrates perfectly with the Search Guard role-based access control features, so you can define what Search Guard roles should be permitted to use Signals. Signals ships with pre-defined alerting action groups that can be assigned to any Search Guard role.
A role with full access to all Signals features looks like:
sg_signals_manager: cluster_permissions: - SGS_SIGNALS_ACCOUNT_MANAGE - SGS_CLUSTER_COMPOSITE index_permissions: ... tenant_permissions: - tenant_patterns: - 'SGS_GLOBAL_TENANT' allowed_actions: - 'SGS_SIGNALS_ALL'
Note that Signals is fully compatible with Search Guard multi-tenancy, which means watches and watch execution can be separated by tenants.
To start quickly with Signals, we have prepared sample watches that can be either installed by using the REST API, or the Kibana plugin.
The examples are based on the Kibana sample data, so you need to import it first.
In order to get to speed with Signals quickly, we recommend following our Signals Alerting: First Steps blog post. We will release a series of articles describing all Signals features in detail.
If you have any questions, please refer to our Signals Community forum.