When you install or upgrade {{agent}}, new alert rules are created automatically. You can configure and customize out-of-the-box alerts to get them up and running quickly.
18
+
19
+
::::{note}
20
+
The built-in alerts feature for {{agent}} is available only for some subscription levels. The license (or a trial license) must be in place before you install or upgrade {{agent}} before this feature is available.
21
+
22
+
Refer [Elastic subscriptions](https://www.elastic.co/subscriptions) for more information.
23
+
::::
24
+
25
+
In {{kib}}, you can enable out-of-the-box rules pre-configured with reasonable defaults to provide immediate value for managing agents.
26
+
You can use [ES|QL](/explore-analyze/discover/try-esql.md) to author conditions for each rule.
27
+
28
+
Connectors are not added to rules automatically, but you can attach a connector to route alerts to your platform of choice -- Slack or email, for example.
29
+
In addition, you can add filters for policies, tags, or hostnames to scope alerts to specific sets of agents
30
+
31
+
You can find these rules in **Stack Management** > **Alerts and Insights** > **Rules**.
32
+
33
+
34
+
## Alert templates assets for integrations [alert-templates]
35
+
36
+
Some integration packages include alerting rule template assets that provide pre-made definitions of alerting rules. You can use the templates to create your own custom alerting rules that you can enable and fine tune.
37
+
38
+
When you click a template, you get a pre-filled rule creation form. You can define and adjust values, set up connectors, and define rule actions to create your custom alerting rule.
39
+
40
+
You can see available templates in the **integrations/detail/<package>/assets** view.
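Review bot: The license sentence in the note block uses "before" twice ("must be in place before you install or upgrade {{agent}} before this feature is available"), which makes the condition hard to parse; suggest "must be in place before you install or upgrade {{agent}} for this feature to be available". The opening paragraph says the rules "are created automatically" while a later paragraph says "you can enable out-of-the-box rules", so state explicitly whether the created rules start enabled or disabled. Smaller points: "Refer [Elastic subscriptions]" is missing "to", the sentence ending "specific sets of agents" lacks a period, the heading "Alert templates assets" should read "Alert template assets", and `<package>` inside the bold path may be swallowed as an HTML tag unless it is escaped or set in backticks.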
reference/fleet/manage-integrations.md
10 additions & 12 deletions
@@ -12,26 +12,28 @@ products:
12
12
13
13
# Manage {{agent}} integrations [integrations]
14
14
15
-
{{agent}} integrations provide a unified way to collect data from apps and services and to protect systems from security threats.
16
-
17
-
Integrations are available for a wide array of services and platforms. To browse the full list of available integrations, go to the **Integrations** page in {{kib}}, or visit [Elastic Integrations](integration-docs://reference/index.md).
15
+
{{agent}} integrations provide a simple, unified way to collect data from popular apps and services, and protect systems from security threats.
16
+
Integrations are available for a wide array of popular services and platforms. To see the full list, go to the **Integrations** page in {{kib}}, or visit [Elastic Integrations](integration-docs://reference/index.md).
18
17
19
18
{{agent}} integrations based on the [Elastic Common Schema](ecs://reference/index.md) (ECS) come prepackaged with assets that support your observability needs:
20
19
21
20
* Data ingestion, storage, and transformation rules
22
21
* Configuration options
22
+
* Alert templates to enable users to quickly set up custom alerting rules (available in some integrations) {applies_to}`stack: ga 9.2`
23
23
* Pre-built, custom dashboards and visualizations
24
24
* Documentation
25
25
26
26
{applies_to}`stack: preview 9.2.0` {{fleet}} also supports installing {{agent}} integration packages for collecting and visualizing OpenTelemetry data. For more information, refer to [Collect OpenTelemetry data with {{agent}} integrations](/reference/fleet/otel-integrations.md).
27
27
28
+
Note that the **Integrations** app in {{kib}} needs access to the public {{package-registry}} to discover integrations. If your deployment has network restrictions, you can [deploy your own self-managed {{package-registry}}](/reference/fleet/air-gapped.md#air-gapped-diy-epr).
29
+
28
30
::::{note}
29
-
Some integrations may function differently across different spaces, and some might only work in the default space. For any space-related considerations, review the documentation for the specific integration.
31
+
Some integrations may function differently across different spaces, with some working only in the default space. Review the documentation specific to your integration for any space-related considerations.
30
32
::::
31
33
32
-
## Integration actions [integration-actions]
34
+
## Work with integrations [work-with-integrations]
33
35
34
-
The following table shows the main actions you can perform in the **Integrations** app in {{kib}}. You can perform some of these actions from other places in {{kib}}, too.
36
+
You can perform a variety of actions in the **Integrations** app in {{kib}}. Some of these actions are also available from other places in {{kib}}.
35
37
36
38
| User action | Result |
37
39
| --- | --- |
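Review bot: Renaming the heading anchor from [integration-actions] to [work-with-integrations] will break any existing cross-reference to #integration-actions; check for inbound links as part of this change or keep the old anchor. The new list item puts {applies_to}`stack: ga 9.2` at the end of the line with version 9.2, while the unchanged OpenTelemetry paragraph leads with {applies_to}`stack: preview 9.2.0`; pick one placement and one version format. "popular" now appears in two consecutive sentences ("popular apps and services", "popular services and platforms") and adds nothing the old wording lacked.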
@@ -42,10 +44,6 @@ The following table shows the main actions you can perform in the **Integrations
42
44
|[View integration assets](/reference/fleet/view-integration-assets.md)| View the {{kib}} assets installed for a specific integration. |
43
45
|[Upgrade an integration](/reference/fleet/upgrade-integration.md)| Upgrade an integration to the latest version. |
44
46
45
-
::::{note}
46
-
The **Integrations** app in {{kib}} needs access to the public {{package-registry}} to discover integrations. If your deployment has network restrictions, you can [deploy your own self-managed {{package-registry}}](/reference/fleet/air-gapped.md#air-gapped-diy-epr).
Once you've started using integrations to ingest data, you can customize how that data is managed over time. Refer to [Index lifecycle management](/reference/fleet/data-streams.md#data-streams-ilm) to learn more.
51
-
:::
49
+
After you've started using integrations to ingest data, you can customize how the data is managed over time. Refer to [Index lifecycle management](/reference/fleet/data-streams.md#data-streams-ilm) to learn more.
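Review bot: The removed note opens with `::::{note}` (four colons) but the removed closing fence shown is `:::` (three colons); confirm that the file is left with balanced directive fences after this deletion and that no stray `::::` remains. With the registry note gone from this spot, the lifecycle paragraph follows the table directly, so make sure a blank line separates the table's last row from "After you've started using integrations".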