Generate kibana discover link (#3)
* Renaming config to generate-kibana-discover-link
JeffAshton authored Sep 20, 2019
1 parent 89b96ad commit e5d20ea
Showing 4 changed files with 16 additions and 16 deletions.
12 changes: 6 additions & 6 deletions docs/source/ruletypes.rst
Expand Up @@ -58,7 58,7 @@ Rule Configuration Cheat Sheet
-------------------------------------------------------------- |
| ``kibana4_end_timedelta`` (time, default: 10 min) | |
-------------------------------------------------------------- |
| ``use_kibana_discover`` (boolean, default False) | |
| ``generate_kibana_discover_link`` (boolean, default False) | |
-------------------------------------------------------------- |
| ``kibana_discover_url`` (string, no default) | |
-------------------------------------------------------------- |
Expand Down Expand Up @@ -524,22 524,22 @@ This value is added in back of the event. For example,

``kibana4_end_timedelta: minutes: 2``

use_kibana_discover
^^^^^^^^^^^^^^^^^^^
generate_kibana_discover_link
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

``use_kibana_discover``: Enables the generation of the ``kibana_link`` variable for the Kibana Discover application.
``generate_kibana_discover_link``: Enables the generation of the ``kibana_discover_link`` variable for the Kibana Discover application.
This setting requires the following settings are also configured:

- ``kibana_discover_url``
- ``kibana_discover_version``
- ``kibana_discover_index_pattern_id``

``use_kibana_discover: true``
``generate_kibana_discover_link: true``

kibana_discover_url
^^^^^^^^^^^^^^^^^^^^

``kibana_discover_url``: The url of the Kibana Discover application used to generate the ``kibana_link`` variable.
``kibana_discover_url``: The url of the Kibana Discover application used to generate the ``kibana_discover_link`` variable.
This value can use `$VAR` and `${VAR}` references to expand environment variables.

``kibana_discover_url: http://kibana:5601/#/discover``
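
Review bot: The ``generate_kibana_discover_link`` section does not say that the option was renamed from ``use_kibana_discover``, or that the Discover URL now lands in ``kibana_discover_link`` instead of ``kibana_link``. Anyone whose alert text references ``kibana_link`` for the Discover URL will no longer find it there after upgrading, so add a short note on both changes to this section. It would also help to state that the link is skipped with a logged warning when one of the three required settings is missing. While touching the sentence, "requires the following settings are also configured" reads better as "requires that the following settings are also configured".
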
4 changes: 2 additions & 2 deletions elastalert/elastalert.py
Expand Up @@ -1498,10 1498,10 @@ def send_alert(self, matches, rule, alert_time=None, retried=False):
if kb_link:
matches[0]['kibana_link'] = kb_link

if rule.get('use_kibana_discover'):
if rule.get('generate_kibana_discover_link'):
kb_link = generate_kibana_discover_link(rule, matches[0])
if kb_link:
matches[0]['kibana_link'] = kb_link
matches[0]['kibana_discover_link'] = kb_link

# Enhancements were already run at match time if
# run_enhancements_first is set or
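
Review bot: The check `if rule.get('generate_kibana_discover_link'):` drops the old key with no fallback, so a rule that still sets `use_kibana_discover: true` stops producing a Discover link and nothing is logged about it. Consider honouring the old key for a release with a deprecation warning, for example by testing `rule.get('generate_kibana_discover_link') or rule.get('use_kibana_discover')`. Writing to `matches[0]['kibana_discover_link']` rather than `matches[0]['kibana_link']` stops the Discover link from overwriting the value set just above, which is an improvement, but it changes the match fields that alerts see and deserves a changelog entry.
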
14 changes: 7 additions & 7 deletions elastalert/kibana_discover.py
Expand Up @@ -19,19 19,19 @@
def generate_kibana_discover_link(rule, match):
''' Creates a link for a kibana discover app. '''

kibana_version = rule.get('kibana_discover_version')
if not kibana_version:
discover_url = rule.get('kibana_discover_url')
if not discover_url:
logging.warning(
'use_kibana_discover was configured without kibana_discover_version for rule %s' % (
'Missing kibana_discover_url for rule %s' % (
rule.get('name', '<MISSING NAME>')
)
)
return None

discover_url = rule.get('kibana_discover_url')
if not discover_url:
kibana_version = rule.get('kibana_discover_version')
if not kibana_version:
logging.warning(
'use_kibana_discover was configured without kibana_discover_url for rule %s' % (
'Missing kibana_discover_version for rule %s' % (
rule.get('name', '<MISSING NAME>')
)
)
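
Review bot: The reworded warnings in the `kibana_discover_url` and `kibana_discover_version` checks still build the message with `'...' % (...)` before calling `logging.warning`. Pass the rule name as a logging argument instead, `logging.warning('Missing kibana_discover_url for rule %s', rule.get('name', '<MISSING NAME>'))`, so formatting is deferred and the message template stays constant for anyone grouping log lines. The URL check now runs before the version check, and the commit message does not mention the reorder; if the order matters, say why.
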
Expand All @@ -40,7 40,7 @@ def generate_kibana_discover_link(rule, match):
index = rule.get('kibana_discover_index_pattern_id')
if not index:
logging.warning(
'use_kibana_discover was configured without kibana_discover_index_pattern_id for rule %s' % (
'Missing kibana_discover_index_pattern_id for rule %s' % (
rule.get('name', '<MISSING NAME>')
)
)
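
Review bot: The `kibana_discover_index_pattern_id` check is the third copy of the same get, warn, return pattern, and because the function returns at the first missing key, a rule that lacks two settings only reports one of them per call. A loop over the three required keys that collects the missing names and logs a single warning would be shorter and would give the operator the full list at once.
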
2 changes: 1 addition & 1 deletion elastalert/schema.yaml
Expand Up @@ -204,7 204,7 @@ properties:
scan_entire_timeframe: {type: boolean}

### Kibana Discover App Link
use_kibana_discover: {type: boolean}
generate_kibana_discover_link: {type: boolean}
kibana_discover_url: {type: string}
kibana_discover_version: {enum: ['7.3', '7.2', '7.1', '7.0', '6.8', '6.7', '6.6', '6.5', '6.4', '6.3', '6.2', '6.1', '6.0', '5.6']}
kibana_discover_index_pattern_id: {type: string}
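
Review bot: `generate_kibana_discover_link: {type: boolean}` is declared on its own, so the schema accepts a rule that enables it without `kibana_discover_url`, `kibana_discover_version` or `kibana_discover_index_pattern_id`, and the mistake only surfaces as a warning when an alert is sent. If the schema validator in use supports it, express that dependency here so a misconfigured rule is rejected at load time. `kibana_discover_url` could also carry a format or pattern constraint, since its value ends up as a link in outgoing alerts.
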
