
By Eleanor Bennett


We are pleased to announce that we’ve recently launched new and improved alerting features, which have now been rolled out to users across all of our operating regions.

As part of these improvements, we have focused on platform usability and have added a new menu from which users can configure a number of popular alert types directly from our pre-configured templates. Users of the new alerting features will also notice faster response times and improvements to the alert editor and its debugging feedback.

To get started with alerting from your current Stack dashboard, select “Configure Alerts”. From there you will be taken to the page where you can enable alerting for your Stack.

Included among these common alert types are spike, percentage match, frequency, flatline, change and any match alert templates.

There is also the option to configure custom alerts from scratch. This makes it easier to migrate pre-existing alert configurations (for example, ones you may have hosted on external services) and gives you unlimited configuration options, including blacklisting, whitelisting and cardinality rules.

In case you weren’t already familiar with the benefits these alert types can offer, we’ve included a summary of a handful of the use cases each is well suited for.

Spike alerts can be configured to raise awareness of new error codes being triggered excessively, or of rapidly increasing traffic from dubious origins (as you would see during a DDoS attack).

Frequency alerts are useful for raising awareness of high-frequency events, which can then be investigated further for effective security triage.

Flatline alerts fire when your event count stays below your specified threshold for the time period you have configured. This is useful for spotting services that have dropped: for example, if no visitors are logged as having visited your site over an extended period, that is a strong indicator that your site has encountered downtime.

Change alerts are designed to highlight changes made to a part of your infrastructure that should not be modified by unauthorised users. Where role-based permissions can't be configured, this can be the next best option for providing a much-needed level of security.

Any match alerts trigger a notification when at least one event matches the query you have specified. If your alert is set to match a particular type of error being logged, this means you can identify that error the first time it occurs (whereas a spike is multiple errors stacked on top of each other).
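To make the semantics of these templates concrete, here is an added Python example (not code from this post or from the alerting product itself) that evaluates any-match, frequency, spike and flatline conditions over a constructed set of web-log events; the thresholds, window lengths and sample addresses are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

MINUTE = timedelta(minutes=1)
# Constructed sample web-log events (timestamp, HTTP status, client IP); not from the post.
T0 = datetime(2022, 1, 10, 12, 0, 0)
EVENTS = (
    [(T0 + m * MINUTE, 200, "10.0.0.1") for m in range(10)]                             # 1/min, 12:00-12:09
    + [(T0 + 10 * MINUTE + timedelta(seconds=s), 200, "198.51.100.7") for s in range(40)]  # 40 hits in 40 s
    + [(T0 + 11 * MINUTE, 500, "10.0.0.2")]                                              # first-ever 500
)


def in_window(events, start, end, pred=lambda e: True):
    """Events with start <= timestamp < end that also satisfy pred."""
    return [e for e in events if start <= e[0] < end and pred(e)]


def any_match(events, pred):
    """Any-match: return the first event satisfying the query, or None if there is none."""
    return next((e for e in events if pred(e)), None)


def frequency_alert(events, now, window, threshold, pred=lambda e: True):
    """Frequency: at least `threshold` matching events in the last `window`."""
    return len(in_window(events, now - window, now, pred)) >= threshold


def flatline_alert(events, now, window, threshold):
    """Flatline: fewer than `threshold` events in the last `window`."""
    return len(in_window(events, now - window, now)) < threshold


def spike_alert(events, now, window, ratio, min_ref=1):
    """Spike: the current window holds at least `ratio` times the preceding window's count.
    min_ref stops a near-empty reference window (0 -> 2 events) counting as a spike."""
    cur = len(in_window(events, now - window, now))
    ref = len(in_window(events, now - 2 * window, now - window))
    return ref >= min_ref and cur >= ratio * ref


if __name__ == "__main__":
    print("first 500 :", any_match(EVENTS, lambda e: e[1] == 500))
    print("frequency :", frequency_alert(EVENTS, T0 + 11 * MINUTE, MINUTE, 30))
    print("spike     :", spike_alert(EVENTS, T0 + 11 * MINUTE, MINUTE, 3))
    print("flatline  :", flatline_alert(EVENTS, T0 + 30 * MINUTE, 10 * MINUTE, 1))
```

Each function returns a boolean (or the matching event), so the same checks can be run on a live window by passing the current time as `now`.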

In light of vulnerabilities such as Log4Shell having such wide-reaching and potentially devastating effects, it is vital for developers and operations alike to be alerted and notified across the tools that they use for monitoring their infrastructure.

Without active monitoring of events, it is easy to open your organisation up to blind spots, which arise when suspicious activity is not proactively correlated and access to configuration files is not secured. Our alerts can be configured to notify a variety of endpoints beyond email, with step-by-step instructions for Slack, PagerDuty and webhook notifications available in our regularly updated help centre.

We are continuously updating our dashboard features, including our alerting features. If you have a specific feature request then feel free to drop us a message via chat or via [email protected].

If you enjoyed this update, why not check out our other articles, where you can find out about the meaning of CI/CD or how to export from Kibana to CSV?


© 2022 Ltd, All rights reserved.