Alerting and analytics go together like cookies and milk. We've known this, but we didn't build alerting into our Elasticsearch service because there are so many good solutions out there that we thought we would be reinventing the wheel.

However, as uses for Elasticsearch have diversified, we changed our opinion. We’ve implemented enough alerting solutions for our customers that we decided to make the best turnkey alerting solution available for all new clusters. 

Today we announce hosted ElastAlert -- the superb open-source alerting tool built by the team at Yelp Engineering -- now available on all new Elasticsearch clusters on AWS.

Enable Alerting Now

To get ElastAlert enabled on your cluster, simply edit your Qbox AWS cluster or migrate to a Qbox Elasticsearch cluster on AWS. The Qbox Support team is happy to help you do this at any time.

Alerting and Monitoring

Alerting is frequently confused with monitoring. The latter has been incorporated into Qbox for quite some time, and it is about the stability and performance of your Qbox cluster.

Alerting is something else entirely. It's an application-level improvement. If you want to use Elasticsearch to, say, monitor social mentions or to detect security anomalies, this is the tool you need.

Let's not forget the bane of many monitoring tools: oversaturation. Alerts are too frequently configured to send emails. Especially if you have a 24x7 use case, many people might be copied on each email. The overwhelming volume of irrelevant emails eventually gets ignored by everybody -- defeating the entire purpose. This is why ElastAlert will help you get notified in the way you prefer.

At Qbox, for example, we have dedicated Slack channels for many of our alerts. Keep in mind that the default will use Qbox's SMTP server. ElastAlert can send alerts through the following tools:

  • Command
  • Email
  • JIRA
  • OpsGenie
  • SNS
  • HipChat
  • Slack
  • Telegram
  • Debug
  • Stomp

You can easily implement additional rule types and alerts. In addition, there are many other features that make alerts more useful:

  • Link alerts to Kibana dashboards
  • Aggregate counts for arbitrary fields
  • Combine alerts into periodic reports
  • Separate alerts by using a unique key field
  • Intercept and enhance match data

Implementing on Qbox

Implementing ElastAlert is easy on Qbox. When you provision a cluster, there is a configuration box where you can input your alert rules. If you're unsure how to structure rules in YAML, be sure to consult the ElastAlert Documentation.
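As an added illustration (not taken from Qbox or the ElastAlert project), here is what a rule for the security-anomaly use case could look like, using a unique key field to separate alerts and a re-alert window to limit notification volume. The index pattern, field names, channel and webhook URL are assumptions to replace with your own, and connection settings such as `es_host` are omitted on the assumption that the hosted service supplies them.

```yaml
# Added example rule. Index pattern, field names, channel and webhook URL
# are placeholders, not values from Qbox or the ElastAlert project.
name: Repeated failed logins per source IP
type: frequency              # match when num_events occur within timeframe
index: auth-logs-*           # assumed index pattern

num_events: 20
timeframe:
  minutes: 5

# Elasticsearch query DSL filters; both field names are assumed.
filter:
- term:
    event.category: "authentication"
- term:
    event.outcome: "failure"

# Count events separately for each source address, so every offending
# host produces its own alert instead of one combined alert.
query_key: source.ip

# After alerting on a given source.ip, stay quiet about that same value
# for an hour. This keeps the channel readable during a sustained burst.
realert:
  hours: 1

alert:
- slack
slack_webhook_url: "https://hooks.slack.com/services/REPLACE/WITH/YOURS"  # placeholder
slack_channel_override: "#security-alerts"   # assumed channel name
```

Treat the webhook URL as a secret: anyone who holds it can post to the channel.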


Helpful Links on ElastAlert

Working toward Better Experiences

This improvement organically bubbled up through our Qbox customer feedback. If you'd like to see other improvements, be sure to contact us and let us know.

We would particularly like to call out and thank the fantastic people at Yelp Engineering along with project lead Quentin Long. Three thousand stars and 100+ committers demonstrate how good this project has become.
