# Kibana Integration

[Kibana](https://www.elastic.co/kibana) is a powerful open-source analytics and visualization platform designed to work with Elasticsearch. It provides users with the tools to explore, visualize, and share insights into their data in real-time.

## In ilert: Create a Kibana alert source <a href="#create-alarm-source" id="create-alarm-source"></a>

1. Go to **Alert sources** --> **Alert sources** and click **Create new alert source**.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FjX0cS4q7woTXKajZmc1W%2FScreenshot%202023-08-28%20at%2010.21.10.png?alt=media&#x26;token=8ef3666b-84eb-4b51-abee-f07303313941" alt=""><figcaption></figcaption></figure>
2. Search for **Kibana** in the search field, click on the Kibana tile, and click **Next**.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FlXzQlJpaTFSR49AZk0xA%2FScreenshot%202023-08-28%20at%2010.24.23.png?alt=media&#x26;token=cffeacb4-57b9-47d4-827d-b0f6b1afd914" alt=""><figcaption></figcaption></figure>
3. Give your alert source a name, optionally assign teams, and click **Next**.
4. Select an **escalation policy** by creating a new one or assigning an existing one.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FNnuZqONaIhbOf6fn4OkZ%2FScreenshot%202023-08-28%20at%2011.37.47.png?alt=media&#x26;token=8a74f7b5-5bd2-4eea-97fa-1c1dbb041333" alt=""><figcaption></figcaption></figure>
5. Select your [Alert grouping](https://docs.ilert.com/alerting/configure-alerting/alert-sources#alert-grouping) preference and click **Continue setup**. You may click **Do not group alerts** for now and change it later.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FueugN4JgHn1c90ggFA6u%2FScreenshot%202023-08-28%20at%2011.38.24.png?alt=media&#x26;token=b8009daf-3ca8-4264-a6fa-e42ef7333205" alt=""><figcaption></figcaption></figure>
6. The next page shows additional settings, such as custom alert templates or notification priority. Click on **Finish setup** for now.
7. On the final page, an API key and/or webhook URL will be generated, which you will need later in this guide.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2Fi3TIOBvNYBQfDtNpmm0A%2FScreenshot%202023-08-28%20at%2011.47.34.png?alt=media&#x26;token=6cae965a-e448-4443-8c20-37cf501c43b2" alt=""><figcaption></figcaption></figure>

## In Kibana: Create a connector

1. On the sidebar, click on **Connectors** under the **Alerts and Insights** category.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FKjNfAnmFAzbE6e2oSoac%2F1.png?alt=media&#x26;token=02108f71-e407-41c6-b7e8-5c267414e333" alt="" width="136"><figcaption></figcaption></figure>

2. Now click on **Create connector**.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FNb053JKHRne6IdhAf7Z1%2F2.png?alt=media&#x26;token=b04abcf6-dfd9-4efb-8000-a03d7fe5c127" alt="" width="563"><figcaption></figcaption></figure>

3. Select **Webhook**.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FBwTThw25X95Ed8DPQRUh%2F3.png?alt=media&#x26;token=bf0c360a-f4e2-4562-bdd6-aa0b7fb9a0ec" alt="" width="563"><figcaption></figcaption></figure>

4. Enter a **Connector name**.
5. Under **Connector settings**, enter the previously generated ilert Elasticsearch Kibana alert source URL into the **URL** field and change the **Method** to POST.
6. Choose None under **Authentication** and enable **Add HTTP header**.
7. Enter the following header: key `Content-Type`, value `application/json`.
8. Save the connector.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FIUd4UBky0jJYiCtDBNQk%2F4.png?alt=media&#x26;token=1f9fb098-7ce3-4b7c-8b18-6282c7568286" alt="" width="563"><figcaption></figcaption></figure>

9. Now, navigate to **Rules** under the **Alerts and Insights** category.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FHtFdos6iN0i0pngGddpH%2F5.png?alt=media&#x26;token=b5c07c65-f7c6-4855-bcaa-e9494e7ce62a" alt="" width="137"><figcaption></figcaption></figure>

10. Click on **Create rule**.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2F4Pt5Z5ReCwoVIT2FNUEf%2F6.png?alt=media&#x26;token=92172b4f-b35e-4aa4-9d0e-394e747c72be" alt="" width="563"><figcaption></figcaption></figure>

11. Enter a **name** and select Webhook as the **connector type**.

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FCgTqITWyJTee8QoJ5ysW%2F7.png?alt=media&#x26;token=ff02f5fe-e3ac-48f6-b47e-be90cd48705e" alt="" width="375"><figcaption></figcaption></figure>

12. Choose the previously created ilert connector as **Webhook connector**.
13. Enter the following payload into the **Body** field:

{% hint style="info" %}
This payload contains [mustache](https://mustache.github.io/mustache.5.html) template tags and is not valid for testing the connector.
{% endhint %}

```mustache
{
  "alert" : {{{ alert }}},
  "context" : {{{ context }}},
  "rule" : {{{ rule }}}
}
```

<figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FAiEBA4C9d4praqmXjh4H%2F8.png?alt=media&#x26;token=3189c4f1-37f3-4d1c-af4a-78710e830180" alt=""><figcaption></figcaption></figure>

14. Save the rule.
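
The Body from step 13 is a template rather than JSON, which is why it cannot be pasted into the connector test. The following added example (not part of ilert's or Elastic's code) shows that the raw template fails JSON parsing and builds a body of the same top-level shape that does parse. It assumes that each triple-brace tag is replaced by the raw JSON of an object; the field names inside `alert`, `context` and `rule` are constructed sample values.

```python
import json
import re

# The Body template from step 13, verbatim.
TEMPLATE = """{
  "alert" : {{{ alert }}},
  "context" : {{{ context }}},
  "rule" : {{{ rule }}}
}"""

# Constructed sample values; the inner field names are illustrative only.
SAMPLE_VARS = {
    "alert": {"id": "host-01", "actionGroup": "threshold met"},
    "context": {"message": 'CPU above 90% on "host-01"', "value": 93.4},
    "rule": {"id": "00000000-0000-0000-0000-000000000000", "name": "High CPU"},
}

# Matches a triple-brace mustache tag such as {{{ alert }}}.
TAG = re.compile(r"\{\{\{\s*(\w+)\s*\}\}\}")


def is_valid_json(text):
    """Return True if text parses as JSON."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


def render(template, variables):
    """Replace each triple-brace tag with the JSON encoding of its variable.

    Assumption: the tag is substituted unescaped with the object's JSON.
    """
    def substitute(match):
        name = match.group(1)
        if name not in variables:
            raise KeyError(f"template variable {name!r} has no sample value")
        return json.dumps(variables[name])
    return TAG.sub(substitute, template)


def build_test_body(template=TEMPLATE, variables=SAMPLE_VARS):
    """Render the template and refuse to return a body that is not JSON."""
    body = render(template, variables)
    if not is_valid_json(body):
        raise ValueError("rendered body is not valid JSON")
    return body
```

`build_test_body()` returns a string that parses as JSON, while `is_valid_json(TEMPLATE)` is false for the unrendered template.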

## FAQ

**Will alerts in ilert be resolved automatically?**

No, unfortunately, Kibana is not compatible with ilert's resolve event.
