Index action

The index action type will index a document into Elasticsearch. See also the create index API.

Connector configuration

Index connectors have the following configuration properties:

Name

The name of the connector. The name is used to identify a connector in the management UI connector listing, or in the connector list when configuring an action.

Index

The Elasticsearch index to be written to.

Refresh

Setting for the refresh policy for the write request.

Execution time field

This field will be automatically set to the time the alert condition was detected.

Preconfigured action type

 my-index:
   name: action-type-index
   actionTypeId: .index
   config:
     index: .kibana
     refresh: true
     executionTimeField: somedate

config defines the action type specific to the configuration and contains the following properties:

Action configuration

Index actions have the following properties:

Document

The document to index in JSON format.

Example of the index document for Index Threshold alert:

{
    "alert_id": "{{alertId}}",
    "alert_name": "{{alertName}}",
    "alert_instance_id": "{{alertInstanceId}}",
    "context_message": "{{context.message}}"
}

Example of create test index using the API.

PUT test
{
    "settings" : {
        "number_of_shards" : 1
    },
    "mappings" : {
        "_doc" : {
            "properties" : {
                "alert_id" : { "type" : "text" },
                "alert_name" : { "type" : "text" },
                "alert_instance_id" : { "type" : "text" },
                "context_message": { "type" : "text" }
            }
        }
    }
}

Most Popular

• Get Started with Elasticsearch: Video
• Intro to Kibana: Video
• ELK for Logs & Metrics: Video