You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
<div class="method-summary">Creates a rule with a randomly generated rule identifier. (<span class="nickname">createRule</span>)</div>
56
-
<div class="method-notes">You must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule you're creating. For example, you must have privileges for the <strong>Management > Stack rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong> features, or <strong>Security</strong> features. If the rule has actions, you must also have <code>read</code> privileges for the <strong>Management > Actions and Connectors</strong> feature. NOTE: This API supports only token-based authentication. When you create a rule, it identifies which roles you have at that point in time. Thereafter, when the rule performs queries, it uses those security privileges. If a user with different privileges updates the rule, its behavior might change.</div>
56
+
<div class="method-notes">To create a rule, you must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule you're creating. For example, you must have privileges for the <strong>Management > Stack rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong> features, or <strong>Security</strong> features. If the rule has actions, you must also have <code>read</code> privileges for the <strong>Management > Actions and Connectors</strong> feature. This API supports both key- and token-based authentication. To use key-based authentication, create an API key in Kibana and use it in the header of the API call. To use token-based authentication, provide a username and password; an API key that matches the current privileges of the user is created automatically. In both cases, the API key is subsequently used for authorization when the rule runs.</div>
57
57
58
58
<h3 class="field-label">Path parameters</h3>
59
59
<div class="field-items">
@@ -289,7 +289,7 @@ Any modifications made to this file will be overwritten.
<div class="method-summary">Creates a rule with a specific rule identifier. (<span class="nickname">createRuleId</span>)</div>
292
-
<div class="method-notes">You must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule you're creating. For example, you must have privileges for the <strong>Management > Stack rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong> features, or <strong>Security</strong> features. If the rule has actions, you must also have <code>read</code> privileges for the <strong>Management > Actions and Connectors</strong> feature. NOTE: This API supports only token-based authentication. When you create a rule, it identifies which roles you have at that point in time. Thereafter, when the rule performs queries, it uses those security privileges. If a user with different privileges updates the rule, its behavior might change.</div>
292
+
<div class="method-notes">To create a rule, you must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule you're creating. For example, you must have privileges for the <strong>Management > Stack rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong> features, or <strong>Security</strong> features. If the rule has actions, you must also have <code>read</code> privileges for the <strong>Management > Actions and Connectors</strong> feature. This API supports both key- and token-based authentication. To use key-based authentication, create an API key in Kibana and use it in the header of the API call. To use token-based authentication, provide a username and password; an API key that matches the current privileges of the user is created automatically. In both cases, the API key is subsequently used for authorization when the rule runs.</div>
293
293
294
294
<h3 class="field-label">Path parameters</h3>
295
295
<div class="field-items">
@@ -527,7 +527,7 @@ Any modifications made to this file will be overwritten.
<div class="method-summary">Deletes a rule. (<span class="nickname">deleteRule</span>)</div>
530
-
<div class="method-notes">You must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule you're deleting. For example, the <strong>Management</strong> > <strong>Stack Rules</strong> feature, <strong>Analytics</strong> > <strong>Discover</strong> or <strong>Machine Learning</strong> features, <strong>Observability</strong>, or <strong>Security</strong> features. WARNING: After you delete a rule, you cannot recover it.</div>
530
+
<div class="method-notes">To delete a rule, you must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule you're deleting. For example, the <strong>Management</strong> > <strong>Stack Rules</strong> feature, <strong>Analytics</strong> > <strong>Discover</strong> or <strong>Machine Learning</strong> features, <strong>Observability</strong>, or <strong>Security</strong> features. WARNING: After you delete a rule, you cannot recover it. If the API key that is used by the rule was created automatically, it is deleted.</div>
531
531
532
532
<h3 class="field-label">Path parameters</h3>
533
533
<div class="field-items">
@@ -629,7 +629,7 @@ Any modifications made to this file will be overwritten.
<div class="method-summary">Enables a rule. (<span class="nickname">enableRule</span>)</div>
632
-
<div class="method-notes">This API supports token-based authentication only. You must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule. For example, the <strong>Management > Stack Rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong>, and <strong>Security</strong> features.</div>
632
+
<div class="method-notes">To enable a rule, you must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule. For example, the <strong>Management > Stack Rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong>, and <strong>Security</strong> features. This API supports both key- and token-based authentication. To use key-based authentication, create an API key in Kibana and use it in the header of the API call. To use token-based authentication, provide a username and password; an API key that matches the current privileges of the user is created automatically. In both cases, the API key is subsequently used for authorization when the rule runs.</div>
633
633
634
634
<h3 class="field-label">Path parameters</h3>
635
635
<div class="field-items">
@@ -2594,7 +2594,7 @@ Any modifications made to this file will be overwritten.
<div class="method-summary">Updates the attributes for a rule. (<span class="nickname">updateRule</span>)</div>
2597
-
<div class="method-notes">You must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule you're updating. For example, you must have privileges for the <strong>Management > Stack rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong> features, or <strong>Security</strong> features. If the rule has actions, you must also have <code>read</code> privileges for the <strong>Management > Actions and Connectors</strong> feature. NOTE: This API supports only token-based authentication. When you update a rule, it identifies which roles you have at that point in time. Thereafter, when the rule performs queries, it uses those security privileges. If you have different privileges than the user that created or most recently updated the rule, you might change its behavior. Though some properties are optional, when you update the rule the existing property values are overwritten with default values. Therefore, it is recommended to explicitly set all property values.</div>
2597
+
<div class="method-notes">To update a rule, you must have <code>all</code> privileges for the appropriate Kibana features, depending on the <code>consumer</code> and <code>rule_type_id</code> of the rule you're updating. For example, you must have privileges for the <strong>Management > Stack rules</strong> feature, <strong>Analytics > Discover</strong> and <strong>Machine Learning</strong> features, <strong>Observability</strong> features, or <strong>Security</strong> features. If the rule has actions, you must also have <code>read</code> privileges for the <strong>Management > Actions and Connectors</strong> feature. This API supports both key- and token-based authentication. To use key-based authentication, create an API key in Kibana and use it in the header of the API call. To use token-based authentication, provide a username and password; an API key that matches the current privileges of the user is created automatically. In both cases, the API key is subsequently used for authorization when the rule runs. NOTE: If the API key has different privileges than the key that created or most recently updated the rule, the rule behavior might change. Though some properties are optional, when you update the rule the existing property values are overwritten with default values. Therefore, it is recommended to explicitly set all property values.</div>
TIP: You can also manage connectors as resources with the https://registry.terraform.io/providers/elastic/elasticstack/latest[Elasticstack provider] for Terraform.
163
+
For more details, refer to the https://registry.terraform.io/providers/elastic/elasticstack/latest/docs/resources/kibana_action_connector[elasticstack_kibana_action_connector] resource.
Copy file name to clipboardExpand all lines: docs/user/alerting/alerting-setup.asciidoc
+17-13Lines changed: 17 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,6 +4,11 @@
4
4
<titleabbrev>Set up</titleabbrev>
5
5
++++
6
6
7
+
:frontmatter-description: Prerequisites and production considerations for using {kib} {alert-features}.
8
+
:frontmatter-tags-products: [alerting]
9
+
:frontmatter-tags-content-type: [other]
10
+
:frontmatter-tags-user-goals: [configure]
11
+
7
12
{kib} {alert-features} are automatically enabled, but might require some additional
8
13
configuration.
9
14
@@ -77,27 +82,26 @@ A rule or connector created in one space will not be visible in another.
77
82
Rules are authorized using an API key.
78
83
Its credentials are used to run all background tasks associated with the rule, including condition checks like {es} queries and triggered actions.
79
84
80
-
You can create API keys and use them in the header of your API calls as described in <<api-keys>>.
81
-
If you create or edit a rule in {kib}, an API key is created that captures a snapshot of your privileges at the time of the edit. The following actions regenerate the API key in {kib}:
85
+
If you create or edit a rule in {kib}, an API key is created that captures a snapshot of your privileges at the time of the edit.
86
+
The following actions regenerate the API key in {kib}:
82
87
83
88
* Creating a rule
84
89
* Updating a rule
85
90
86
-
When you disable a rule, it retains the associated API key which is reused when
87
-
the rule is enabled. If the API key is missing when you enable the rule (for
88
-
example, in the case of imported rules), it generates a new key that has your
89
-
security privileges.
91
+
When you disable a rule, it retains the associated API key which is reused when the rule is enabled.
92
+
If the API key is missing when you enable the rule (for example, in the case of imported rules), it generates a new key that has your security privileges.
93
+
94
+
You can update an API key manually in **{stack-manage-app} > {rules-ui}** or in the rule details page by selecting **Update API key** in the actions menu.
90
95
91
-
You can update an API key manually in
92
-
**{stack-manage-app} > {rules-ui}** or in the rule details page by selecting
93
-
**Update API key** in the actions menu.
96
+
If you manage your rules by using {kib} APIs, they support support both key- and token-based authentication as described in <<api-authentication>>.
97
+
To use key-based authentication, create API keys and use them in the header of your API calls as described in <<api-keys>>.
98
+
To use token-based authentication, provide a username and password; an API key that matches the current privileges of the user is created automatically.
99
+
In both cases, the API key is subsequently associated with the rule and used when it runs.
94
100
95
101
[IMPORTANT]
96
102
==============================================
97
-
If a rule requires certain privileges, such as index privileges, to run and a
98
-
user without those privileges updates the rule, the rule will no longer
99
-
function. Conversely, if a user with greater or administrator privileges
100
-
modifies the rule, it will begin running with increased privileges.
103
+
If a rule requires certain privileges, such as index privileges, to run and a user without those privileges updates the rule, the rule will no longer function.
104
+
Conversely, if a user with greater or administrator privileges modifies the rule, it will begin running with increased privileges.
101
105
The same behavior occurs when you change the API key in the header of your API calls.
0 commit comments