Elastic Watcher Integration

With the ilert Elastic Watcher (formerly X-Pack Alerting) integration, you can create alerts in ilert based on Watcher alerts.

Elastic Watcher is a set of administrative features that enable you to watch for changes or anomalies in your data and perform the necessary actions in response.

In ilert: Create an Elastic Watcher alert source

Go to Alert sources -> Alert sources and click Create new alert source
Search for Elastic Watcher in the search field, click the Elastic Watcher tile, and click Next.
Give your alert source a name, optionally assign teams, and click Next.
Select an escalation policy by creating a new one or assigning an existing one.
Select your Alert grouping preference and click Continue setup. You may click Do not group alerts for now and change it later.
The next page shows additional settings, such as customer alert templates or notification priority. Click on Finish setup for now.
On the final page, an API key and/or webhook URL will be generated, which you will need later in this guide.

In Elastic Watcher

Create a watcher

Go to Stack Management and then to Alerts and Insights -> Watcher, then click the Create button and the Create advanced watch button.

On the next page, name the watcher e.g. ilert, define conditions and actions the Webhook URL that you generated in ilert as follows:

{
    ...
    [CONFIGURATIONS OF YOUR ELASTIC WATCHER ALERT]
    ...
    "actions" : {
        "ilert" : {
            "webhook" : {
                "scheme" : "https",
                "method" : "POST",
                "host" : "api.ilert.com",
                "port" : 443,
                "path" : "/api/v1/events/eswatcher/[YOUR API KEY]",
                "headers" : {
                    "Content-Type" : "application/json"
                },
                "params": {},
                "body" : "{{#toJson}}ctx{{/toJson}}"
            }
        }
    }
}

Finished! Your Elastic Watcher will now create alerts in ilert.

FAQ

Will alerts in ilert be resolved automatically?

No, unfortunately, Elastic Watcher's notification is not compatible with ilert's resolve event.

Can I connect Elastic Watcher with multiple alert sources from ilert?

Yes, simply add more watchers in Elastic Watcher.

PreviousEkara integration NextEmail Inbound Integration

Last updated 1 year ago

Was this helpful?