Alerting and analytics go together like cookies and milk. We’ve known this, but we didn’t build alerting into our Elasticsearch service because there are so many good solutions out there that we thought we would be reinventing the wheel.
However, as uses for Elasticsearch have diversified, we changed our opinion. We’ve implemented enough alerting solutions for our customers that we decided to make the best turnkey alerting solution available for all new clusters.
Today we announce hosted ElastAlert — the superb open-source alerting tool built by the team at Yelp Engineering — now available on all new Elasticsearch clusters on AWS.
Enable Alerting Now
To get ElastAlert enabled on your cluster, simply edit your Qbox AWS cluster or migrate to a Qbox Elasticsearch cluster on AWS. The Qbox Support team is happy to help you do this at any time.
Alerting and Monitoring
Alerting is frequently confused with monitoring. The latter has been incorporated into Qbox for quite some time, and it is about the stability and performance of your Qbox cluster itself: node health, disk, memory and the like.
Alerting is something else entirely. It works at the application level, on the data you index rather than on the cluster. If you want to use Elasticsearch to, say, watch social mentions or detect security anomalies in your logs, this is the tool you need.
Let’s not forget the bane of many alerting setups: oversaturation, better known as alert fatigue. Alerts are too frequently configured to send email. Especially if you have a 24×7 use case, many people might be copied on each message. The overwhelming volume of irrelevant email eventually gets ignored by everybody, defeating the entire purpose. This is why it matters that ElastAlert can notify you through the channel you actually watch, and that its rules can throttle and batch repeated matches instead of paging on every one.
At Qbox, for example, we have dedicated Slack channels for many of our alerts. Keep in mind that the default will use Qbox’s SMTP server. Click the link below for an in-depth tutorial:
ElastAlert ships with several rule types and alerters, and you can implement additional ones yourself. In addition, there are many other features that make alerts more useful:
- Link alerts to Kibana dashboards
- Aggregate counts for arbitrary fields
- Combine alerts into periodic reports
- Separate alerts by using a unique key field
- Intercept and enhance match data
Implementing on Qbox
Implementing ElastAlert is easy on Qbox. When you provision a cluster, there is a configuration box where you can input your Alert rules. If you’re unclear how to structure rules in YAML, be sure to consult the ElastAlert Documentation.
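As an added example, not taken from the original post or from the ElastAlert project, here is a complete rule you could paste into that configuration box. It ties together several of the features listed above (a unique key field, aggregation into periodic reports, Slack delivery) and the alert-fatigue point: it fires on a burst of failed SSH logins, separated per source IP, and throttles repeats. The index pattern, field names, Slack webhook URL and channel are assumptions and must be replaced with your own.

```yaml
# Added example rule (not from the original post or from ElastAlert itself).
# Assumed: an index pattern auth-logs-*, documents with fields program,
# message, source_ip and host, and a Slack incoming-webhook URL.
name: ssh-bruteforce-per-source
type: frequency
index: auth-logs-*

# Fire when a single source_ip produces 20 or more matches within 5 minutes.
num_events: 20
timeframe:
  minutes: 5

# Only count failed SSH authentications.
filter:
  - term:
      program: sshd
  - query:
      query_string:
        query: 'message:"Failed password"'

# Separate alerts by a unique key field: each source_ip is tracked on its own.
query_key: source_ip

# Fight alert fatigue: after alerting on a source_ip, stay quiet about it
# for an hour...
realert:
  hours: 1
# ...and roll further matches within a 15-minute window into one report.
aggregation:
  minutes: 15

# Deliver to Slack instead of email (the Qbox default alerter uses SMTP).
alert:
  - slack
slack_webhook_url: "https://hooks.slack.com/services/REPLACE/WITH/YOURS"
slack_channel_override: "#security-alerts"

# Keep the message short and specific; the placeholders are filled from
# the matching document's fields.
alert_subject: "Possible SSH brute force from {0}"
alert_subject_args:
  - source_ip
alert_text_type: alert_text_only
alert_text: "20+ failed SSH logins from {0} against {1} within 5 minutes"
alert_text_args:
  - source_ip
  - host
```

Two things to check before relying on a rule like this: that the fields named in `filter`, `query_key` and `alert_text_args` exist with those exact names in your mapping (a typo silently yields zero matches, not an error), and that `realert` and `aggregation` are tuned so a genuine attack still reaches you promptly while a noisy scanner produces one summary rather than a flood.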
Helpful Links on ElastAlert
- ElastAlert Documentation
- Example Rules
- ElastAlert Github
- Yelp Case Study, ElastAlert: Alerting At Scale With Elasticsearch, Part 1
- Yelp Case Study, ElastAlert: Alerting At Scale With Elasticsearch, Part 2
Working toward Better Experiences
This improvement organically bubbled up through our Qbox customer feedback. If you’d like to see other improvements, be sure to contact us and let us know.
We would particularly like to call out and thank the fantastic people at Yelp Engineering along with project lead Quentin Long. Three thousand stars and 100+ committers demonstrate how good this project has become.