ELK Alerting

Elasticsearch Alerting (formerly Watcher) alternatives:
(in the order of my preference after a quick reading)

  1. https://www.elastic.co/guide/en/kibana/7.8/alert-action-settings-kb.html
    Official "Alerts and Actions", beta starting from version 7.8

  2. https://github.com/Yelp/elastalert
    https://elastalert.readthedocs.io/en/latest/elastalert.html
    Elastalert (open source) is a simple and popular tool for alerting on anomalies, spikes, or other patterns of interest found in data stored in Elasticsearch. It works with all versions of Elasticsearch.

  3. https://github.com/sirensolutions/sentinl
    Sentinl extends Kibi or Kibana with Alerting and Reporting functionality to monitor, notify, and report on data series changes using standard queries, programmable validators, and a variety of configurable actions.

  4. https://opendistro.github.io/for-elasticsearch/features/alerting.html
    IB> Kibana plugin, so it fits into the existing interface, even on version 6.x

  5. a. https://sematext.com/logagent/
    Logagent (open source) is a general log shipper. However, it can schedule Elasticsearch queries (input), filter the results using custom criteria and alert via pluggable outputs like Slack. Thus, using Logagent for alerting on Elasticsearch data is just a matter of configuration.

  5. b. https://sematext.com/cloud/
    Sematext Cloud provides alerts on metrics and logs. It offers alerting based on thresholds or statistical anomaly detection, as well as heartbeat alerts. It comes with default alerts for all integrations (e.g. for disk storage or JVM garbage collection, etc.) and features ChatOps integrations like PagerDuty, Slack, HipChat, BigPanda, WebHooks, Pushover, e-mail, etc.
    IB> It seems to be the whole platform, not an alerting tool for ELK

  6. https://www.skedler.com/alerts/
    IB> Notifies via e-mail or Slack. Free edition: allows only 2 alerts, no REST API. Basic edition is $995 per year.
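
Added example (my own, not from any of the projects above) of what "alerting on patterns of interest" looks like in practice with Elastalert (option 2): a frequency rule that fires when a single source IP produces 20 or more failed SSH logins within 5 minutes. It assumes Filebeat-style indices named filebeat-* with ECS fields (event.action, event.outcome, source.ip); the index pattern, field names, threshold and the Slack webhook URL are placeholders to adapt.

```yaml
# Elastalert frequency rule - added example, not part of the Elastalert project.
# Assumptions: Filebeat indices "filebeat-*" with ECS-style fields; adjust to your data.
name: ssh-bruteforce-per-source
type: frequency
index: filebeat-*

# Fire when num_events matching documents are seen within timeframe ...
num_events: 20
timeframe:
  minutes: 5

# ... counted per source IP rather than across all hosts, so one noisy
# scanner cannot hide behind (or be hidden by) normal background failures.
query_key: source.ip

# Only failed SSH logins are candidates.
filter:
- query:
    query_string:
      query: 'event.action:"ssh_login" AND event.outcome:"failure"'

# Suppress repeat alerts for the same source.ip for 30 minutes to avoid
# flooding the channel while an attack is still ongoing.
realert:
  minutes: 30

alert:
- slack
slack_webhook_url: "https://hooks.slack.com/services/REPLACE_ME"   # placeholder
alert_text: "Possible SSH brute force from {0} (last failure at {1})"
alert_text_args: ["source.ip", "@timestamp"]
alert_text_type: alert_text_only
```

Place the file under the rules_folder configured in Elastalert's config.yaml; `elastalert-test-rule <rule file>` runs the rule against the index without sending alerts, which is the quick way to check that the filter actually matches your documents before wiring it to Slack.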