docs/reference/data-streams/failure-store-recipes.asciidoc
Lines changed: 7 additions & 6 deletions
@@ -310,24 +310,24 @@ Since failure stores can be searched just like a normal data stream, we can use
310
310
If you want to use KQL or Lucene query types, you should first create a data view for your failure store data.
311
311
If you plan to use {esql} or the Query DSL query types, this step is not required.
312
312
Navigate to the data view page in Kibana and add a new data view. Set the index pattern to your failure store using the selector syntax.
313
-
image::/manage-data/images/elasticsearch-reference-management_failure_store_alerting_create_data_view.png[create a data view using the failure store syntax in the index name]
313
+
image::images/data-streams/failure_store_alerting_create_data_view.png[create a data view using the failure store syntax in the index name]
314
314
315
315
===== Step 2: Create new rule
316
316
Navigate to Management / Alerts and Insights / Rules. Create a new rule. Choose the {es} query option.
317
-
image::/manage-data/images/elasticsearch-reference-management_failure_store_alerting_create_rule.png[create a new alerting rule and select the elasticsearch query option]
317
+
image::images/data-streams/failure_store_alerting_create_rule.png[create a new alerting rule and select the elasticsearch query option]
318
318
319
319
===== Step 3: Pick your query type
320
320
Choose which query type you wish to use
321
321
For KQL/Lucene queries, reference the data view that contains your failure store.
322
-
image::/manage-data/images/elasticsearch-reference-management_failure_store_alerting_kql.png[use the data view created in the previous step as the input to the kql query]
322
+
image::images/data-streams/failure_store_alerting_kql.png[use the data view created in the previous step as the input to the kql query]
323
323
For Query DSL queries, use the `::failures` suffix on your data stream name.
324
-
image::/manage-data/images/elasticsearch-reference-management_failure_store_alerting_dsl.png[use the ::failures suffix in the data stream name in the query dsl]
324
+
image::images/data-streams/failure_store_alerting_dsl.png[use the ::failures suffix in the data stream name in the query dsl]
325
325
For {esql} queries, use the `::failures` suffix on your data stream name in the `FROM` command.
326
-
image::/manage-data/images/elasticsearch-reference-management_failure_store_alerting_esql.png[use the ::failures suffix in the data stream name in the from command]
326
+
image::images/data-streams/failure_store_alerting_esql.png[use the ::failures suffix in the data stream name in the from command]
327
327
328
328
===== Step 4: Test
329
329
Configure schedule, actions, and details of the alert before saving the rule.
330
-
image::/manage-data/images/elasticsearch-reference-management_failure_store_alerting_finish.png[complete the rule configuration and save it]
330
+
image::images/data-streams/failure_store_alerting_finish.png[complete the rule configuration and save it]
331
331
332
332
[[data-remediation]]
333
333
==== Data remediation
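Review bot: The six replacement `image::` targets in this hunk drop the leading slash and the `elasticsearch-reference-management_` file name prefix, so `images/data-streams/failure_store_alerting_*.png` now resolves relative to the document (or its configured imagesdir) instead of from the root as `/manage-data/images/...` did. Only the .asciidoc file is visible in this change, so please confirm that all six PNGs exist under `images/data-streams/` with exactly these shortened names, and build the page once to check that none of the alerting screenshots render as broken links. While you are in this section: the unchanged heading `===== Step 4: Test` sits above text that describes configuring schedule, actions, and details and saving the rule, so the heading and body do not match; consider renaming the step in a follow-up.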
@@ -526,6 +526,7 @@ PUT _ingest/pipeline/my-datastream-remediation-pipeline
526
526
527
527
====== Step 4: Test your pipelines
528
528
Before sending data off to be reindexed, be sure to test the pipelines in question with an example document to make sure they work. First, test to make sure the resulting document from the remediation pipeline is shaped how you expect. We can use the https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-ingest-simulate[simulate pipeline API] for this.
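Review bot: The header of this hunk records one added line (6 lines before, 7 after), but the lines shown around `====== Step 4: Test your pipelines` do not reveal what it is, and it is not one of the image path replacements that make up the rest of the change. Please state in the commit message what this extra line is, or move it to its own commit if it is unrelated to the image path fix.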