Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Kibana 7.14.0 saved objects for alerting o11y
{"attributes":{"fieldAttrs":"{\"soid\":{\"count\":4},\"_id\":{\"count\":1},\"event.action\":{\"count\":2},\"event.duration\":{\"count\":3},\"event.provider\":{\"count\":2},\"kibana.alerting.status\":{\"count\":1},\"rule.id\":{\"count\":1},\"rule.name\":{\"count\":2}}","fieldFormatMap":"{\"event.duration\":{\"id\":\"duration\",\"params\":{\"inputFormat\":\"nanoseconds\",\"outputFormat\":\"asMilliseconds\",\"outputPrecision\":0,\"showSuffix\":false}},\"kibana.task.schedule_delay\":{\"id\":\"duration\",\"params\":{\"inputFormat\":\"nanoseconds\",\"outputFormat\":\"asMilliseconds\",\"showSuffix\":true,\"useShortSuffix\":true}}}","fields":"[]","runtimeFieldMap":"{\"soid\":{\"type\":\"keyword\",\"script\":{\"source\":\"def savedObjects = params._source[\\\"kibana\\\"][\\\"saved_objects\\\"];\\n\\nif (savedObjects != null) {\\n for (def savedObject : savedObjects) {\\n emit(savedObject[\\\"type\\\"] + \\\":\\\" + savedObject[\\\"id\\\"])\\n } \\n}\"}},\"error.message.keyword\":{\"type\":\"keyword\",\"script\":{\"source\":\"def error = params._source[\\\"error\\\"];\\n\\nif (error != null) {\\n emit(error[\\\"message\\\"])\\n}\\n\"}},\"message.keyword\":{\"type\":\"keyword\",\"script\":{\"source\":\"emit(params._source[\\\"message\\\"])\"}}}","timeFieldName":"@timestamp","title":".kibana-event-log-*","typeMeta":"{}"},"coreMigrationVersion":"7.14.0","id":"119d36c0-ce30-11eb-9885-59d424b49d0b","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"type":"index-pattern","updated_at":"2021-08-20T04:58:11.911Z","version":"WzQyLDFd"}
{"attributes":{"fieldAttrs":"{}","fields":"[]","runtimeFieldMap":"{}","title":".kibana_task_manager","typeMeta":"{}"},"coreMigrationVersion":"7.14.0","id":"ba3b8a50-016d-11ec-b222-43e9c7685688","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"type":"index-pattern","updated_at":"2021-08-20T04:58:11.911Z","version":"WzQzLDFd"}
{"attributes":{"description":"A dashboard with visualizations over the Kibana event log and task manager, primarily for observing Kibana alerting activity. \n","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.14.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":9,\"i\":\"6fd25d07-386c-4e51-a9d7-6cbbc28e8ddb\"},\"panelIndex\":\"6fd25d07-386c-4e51-a9d7-6cbbc28e8ddb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"024165cc-1969-4c99-992e-b55b73090fde\":{\"columns\":{\"db4bbd12-77d1-4d9d-a5e4-9f96054a019a\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"55c29627-dffa-4075-a112-243081240226\":{\"label\":\"Average of event.duration\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"event.duration\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"event.provider: \\\"alerting\\\" AND event.action: \\\"execute\\\"\",\"language\":\"kuery\"}},\"810b4f18-8b12-4bc5-92e7-cab51da8ea8d\":{\"label\":\"Top values of rule.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"55c29627-dffa-4075-a112-243081240226\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"810b4f18-8b12-4bc5-92e7-cab51da8ea8d\",\"db4bbd12-77d1-4d9d-a5e4-9f96054a019a\",\"55c29627-dffa-4075-a112-243081240226\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"024165cc-1969-4c99-992e-b55b73090fde\",\"accessors\":[\"55c29627-dffa-4075-a112-243081240226\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"db4bbd12-77d1-4d9d-a5e4-9f96054a019a\",\"splitAccessor\":\"810b4f18-8b12-4bc5-92e7-cab51da8ea8d\"}],\"curveType\":\"CURVE_MONOTONE_X\",\"yRightExtent\":{\"mode\":\"full\"},\"yLeftExtent\":{\"mode\":\"full\"}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"2a9cb600-ebea-11eb-b20b-d74b5b35b7e7\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"119d36c0-ce30-11eb-9885-59d424b49d0b\",\"name\":\"indexpattern-datasource-layer-024165cc-1969-4c99-992e-b55b73090fde\"}]},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[]}}},\"title\":\"average task duration for \\\"top 10\\\" rules\"},{\"version\":\"7.14.0\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":9,\"i\":\"6bfa527c-9b9f-4682-ac4d-df7086e6850a\"},\"panelIndex\":\"6bfa527c-9b9f-4682-ac4d-df7086e6850a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"97daefb0-050f-435e-8e89-367141f07b33\":{\"columns\":{\"93a2b4ed-2418-4af2-abb5-daef8b111b8f\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"6dc11fa5-56a4-4e40-962f-b4e7213e0277X0\":{\"label\":\"Part of moving_average(median(kibana.task.schedule_delay), window=5)/1000000000\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"kibana.task.schedule_delay\",\"isBucketed\":false,\"scale\":\"ratio\",\"customLabel\":true},\"6dc11fa5-56a4-4e40-962f-b4e7213e0277X1\":{\"label\":\"Part of moving_average(median(kibana.task.schedule_delay), window=5)/1000000000\",\"dataType\":\"number\",\"operationType\":\"moving_average\",\"isBucketed\":false,\"scale\":\"ratio\",\"references\":[\"6dc11fa5-56a4-4e40-962f-b4e7213e0277X0\"],\"params\":{\"window\":5},\"customLabel\":true},\"6dc11fa5-56a4-4e40-962f-b4e7213e0277X2\":{\"label\":\"Part of moving_average(median(kibana.task.schedule_delay), window=5)/1000000000\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"6dc11fa5-56a4-4e40-962f-b4e7213e0277X1\",1000000000],\"location\":{\"min\":0,\"max\":71},\"text\":\"moving_average(median(kibana.task.schedule_delay), window=5)/1000000000\"}},\"references\":[\"6dc11fa5-56a4-4e40-962f-b4e7213e0277X1\"],\"customLabel\":true},\"6dc11fa5-56a4-4e40-962f-b4e7213e0277\":{\"label\":\"schedule delay in secs\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"moving_average(median(kibana.task.schedule_delay), window=5)/1000000000\",\"isFormulaBroken\":false},\"references\":[\"6dc11fa5-56a4-4e40-962f-b4e7213e0277X2\"],\"customLabel\":true},\"7b16e5cb-b57d-4b36-bafb-a7686b074ff5\":{\"label\":\"Top values of rule.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":true},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"7b16e5cb-b57d-4b36-bafb-a7686b074ff5\",\"93a2b4ed-2418-4af2-abb5-daef8b111b8f\",\"6dc11fa5-56a4-4e40-962f-b4e7213e0277\",\"6dc11fa5-56a4-4e40-962f-b4e7213e0277X0\",\"6dc11fa5-56a4-4e40-962f-b4e7213e0277X1\",\"6dc11fa5-56a4-4e40-962f-b4e7213e0277X2\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"97daefb0-050f-435e-8e89-367141f07b33\",\"accessors\":[\"6dc11fa5-56a4-4e40-962f-b4e7213e0277\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"93a2b4ed-2418-4af2-abb5-daef8b111b8f\",\"splitAccessor\":\"7b16e5cb-b57d-4b36-bafb-a7686b074ff5\"}]},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"119d36c0-ce30-11eb-9885-59d424b49d0b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"119d36c0-ce30-11eb-9885-59d424b49d0b\",\"name\":\"indexpattern-datasource-layer-97daefb0-050f-435e-8e89-367141f07b33\"}]},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"rule schedule delay\"},{\"version\":\"7.14.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":9,\"i\":\"eeefb146-5bc5-434a-9665-afac53787633\"},\"panelIndex\":\"eeefb146-5bc5-434a-9665-afac53787633\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"1ae781ce-27e0-45f4-9902-d27d5f6e0b49\":{\"columns\":{\"d65356ee-1784-48ea-a361-5968b95ab256\":{\"label\":\"Top values of event.outcome\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.outcome\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"7f3d659f-0e7b-4565-8b55-f865be6257f3\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"6ee0ab12-c5ea-404d-8128-ab207bf94145\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"7f3d659f-0e7b-4565-8b55-f865be6257f3\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"filter\":{\"query\":\"event.outcome : *\",\"language\":\"kuery\"}}},\"columnOrder\":[\"6ee0ab12-c5ea-404d-8128-ab207bf94145\",\"d65356ee-1784-48ea-a361-5968b95ab256\",\"7f3d659f-0e7b-4565-8b55-f865be6257f3\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"1ae781ce-27e0-45f4-9902-d27d5f6e0b49\",\"accessors\":[\"7f3d659f-0e7b-4565-8b55-f865be6257f3\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"xAccessor\":\"6ee0ab12-c5ea-404d-8128-ab207bf94145\",\"splitAccessor\":\"d65356ee-1784-48ea-a361-5968b95ab256\"}],\"curveType\":\"CURVE_MONOTONE_X\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"119d36c0-ce30-11eb-9885-59d424b49d0b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"119d36c0-ce30-11eb-9885-59d424b49d0b\",\"name\":\"indexpattern-datasource-layer-1ae781ce-27e0-45f4-9902-d27d5f6e0b49\"}]},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"action / rule executions\"},{\"version\":\"7.14.0\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":9,\"i\":\"bc3b50aa-5624-412b-9b7b-2d14de5aab0c\"},\"panelIndex\":\"bc3b50aa-5624-412b-9b7b-2d14de5aab0c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsHeatmap\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a6e740be-36e6-416b-a4c8-f8dbdbdf4dce\":{\"columns\":{\"9d3de087-3dcf-463d-b7bd-1d6090c1ef17\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"e3524361-f915-4843-ae7f-0caf6632abbe\":{\"label\":\"Top values of t.status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"task.status\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9d3de087-3dcf-463d-b7bd-1d6090c1ef17\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"9fcc508b-2bca-43c8-9e4b-51dbe6a7860a\":{\"label\":\"Top values of t.taskType\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"task.taskType\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9d3de087-3dcf-463d-b7bd-1d6090c1ef17\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"e3524361-f915-4843-ae7f-0caf6632abbe\",\"9fcc508b-2bca-43c8-9e4b-51dbe6a7860a\",\"9d3de087-3dcf-463d-b7bd-1d6090c1ef17\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"heatmap\",\"layerId\":\"a6e740be-36e6-416b-a4c8-f8dbdbdf4dce\",\"legend\":{\"isVisible\":true,\"position\":\"right\",\"type\":\"lens_heatmap_legendConfig\"},\"gridConfig\":{\"type\":\"lens_heatmap_grid\",\"isCellLabelVisible\":false,\"isYAxisLabelVisible\":true,\"isXAxisLabelVisible\":true},\"valueAccessor\":\"9d3de087-3dcf-463d-b7bd-1d6090c1ef17\",\"yAccessor\":\"9fcc508b-2bca-43c8-9e4b-51dbe6a7860a\",\"xAccessor\":\"e3524361-f915-4843-ae7f-0caf6632abbe\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"ba3b8a50-016d-11ec-b222-43e9c7685688\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"ba3b8a50-016d-11ec-b222-43e9c7685688\",\"name\":\"indexpattern-datasource-layer-a6e740be-36e6-416b-a4c8-f8dbdbdf4dce\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"tasks per type / status\"},{\"version\":\"7.14.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":18,\"w\":48,\"h\":10,\"i\":\"e548f101-e615-46fc-8a53-e108c54d50f1\"},\"panelIndex\":\"e548f101-e615-46fc-8a53-e108c54d50f1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"8e1f42c8-4975-4d21-a638-23fab0bbb266\":{\"columns\":{\"5c567c8b-2405-464a-8655-e5a6f0704299\":{\"label\":\"message\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"error.message.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2cbf1dda-1cc6-4d0b-a4c9-376290cc9a85\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"4f534c76-b086-4a67-a9dd-6a7e4295d9a8\":{\"label\":\"time\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"},\"customLabel\":true},\"2cbf1dda-1cc6-4d0b-a4c9-376290cc9a85\":{\"label\":\"count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"4f534c76-b086-4a67-a9dd-6a7e4295d9a8\",\"5c567c8b-2405-464a-8655-e5a6f0704299\",\"2cbf1dda-1cc6-4d0b-a4c9-376290cc9a85\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"5c567c8b-2405-464a-8655-e5a6f0704299\",\"width\":428},{\"isTransposed\":false,\"columnId\":\"4f534c76-b086-4a67-a9dd-6a7e4295d9a8\"},{\"isTransposed\":false,\"columnId\":\"2cbf1dda-1cc6-4d0b-a4c9-376290cc9a85\"}],\"layerId\":\"8e1f42c8-4975-4d21-a638-23fab0bbb266\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"119d36c0-ce30-11eb-9885-59d424b49d0b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"119d36c0-ce30-11eb-9885-59d424b49d0b\",\"name\":\"indexpattern-datasource-layer-8e1f42c8-4975-4d21-a638-23fab0bbb266\"}]},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"error messages\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":3,\"i\":\"01fa531b-07d1-4cc9-95c7-409216d274af\"},\"panelIndex\":\"01fa531b-07d1-4cc9-95c7-409216d274af\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"https://gist.github.com/pmuellr/e9ac5cda106589dc52477ede9accb20c\\n\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"link to dashboard export\"}]","timeRestore":false,"title":"Kibana alerting event log and tasks","version":1},"coreMigrationVersion":"7.14.0","id":"6fa9a830-016f-11ec-b222-43e9c7685688","migrationVersion":{"dashboard":"7.14.0"},"references":[{"id":"119d36c0-ce30-11eb-9885-59d424b49d0b","name":"6fd25d07-386c-4e51-a9d7-6cbbc28e8ddb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"119d36c0-ce30-11eb-9885-59d424b49d0b","name":"6fd25d07-386c-4e51-a9d7-6cbbc28e8ddb:indexpattern-datasource-layer-024165cc-1969-4c99-992e-b55b73090fde","type":"index-pattern"},{"id":"119d36c0-ce30-11eb-9885-59d424b49d0b","name":"6bfa527c-9b9f-4682-ac4d-df7086e6850a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"119d36c0-ce30-11eb-9885-59d424b49d0b","name":"6bfa527c-9b9f-4682-ac4d-df7086e6850a:indexpattern-datasource-layer-97daefb0-050f-435e-8e89-367141f07b33","type":"index-pattern"},{"id":"119d36c0-ce30-11eb-9885-59d424b49d0b","name":"eeefb146-5bc5-434a-9665-afac53787633:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"119d36c0-ce30-11eb-9885-59d424b49d0b","name":"eeefb146-5bc5-434a-9665-afac53787633:indexpattern-datasource-layer-1ae781ce-27e0-45f4-9902-d27d5f6e0b49","type":"index-pattern"},{"id":"ba3b8a50-016d-11ec-b222-43e9c7685688","name":"bc3b50aa-5624-412b-9b7b-2d14de5aab0c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"ba3b8a50-016d-11ec-b222-43e9c7685688","name":"bc3b50aa-5624-412b-9b7b-2d14de5aab0c:indexpattern-datasource-layer-a6e740be-36e6-416b-a4c8-f8dbdbdf4dce","type":"index-pattern"},{"id":"119d36c0-ce30-11eb-9885-59d424b49d0b","name":"e548f101-e615-46fc-8a53-e108c54d50f1:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"119d36c0-ce30-11eb-9885-59d424b49d0b","name":"e548f101-e615-46fc-8a53-e108c54d50f1:indexpattern-datasource-layer-8e1f42c8-4975-4d21-a638-23fab0bbb266","type":"index-pattern"}],"type":"dashboard","updated_at":"2021-08-20T04:58:12.218Z","version":"WzQ1LDFd"}
{"attributes":{"fieldAttrs":"{\"alert.name\":{\"count\":2},\"action.name\":{\"count\":1},\"action_task_params.apiKey\":{\"count\":2},\"type\":{\"count\":1}}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"updated_at","title":".kibana"},"coreMigrationVersion":"7.14.0","id":"cab34e00-ce31-11eb-9885-59d424b49d0b","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"type":"index-pattern","updated_at":"2021-08-20T04:58:11.911Z","version":"WzQ0LDFd"}
{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":4,"missingRefCount":0,"missingReferences":[]}
@pmuellr

This comment has been minimized.

Copy link
Owner Author

@pmuellr pmuellr commented Jul 15, 2021

under construction

Built on an Elastic Stack 7.14.0 cloud deployment. For a 7.13.2 cloud deployment, see this gist.

Includes Kibana index patterns for .kibana, .kibana_task_manager, and .kibana-event-log-* and a dashboard over the event log.

Note: none of the index patterns nor the dashboard will be operational unless the user has read privileges to the indices referenced above. Those indices are currently accessible to the superuser, or could be explicitly given a user via roles / privleges.

The most straight-forward way to give users access to these, is to create a role specifically for this purpose, then give individual users that role. For instance, create a role named kibana-alerting-indices-read-only, with read privileges on .kibana-event-log-*, .kibana-task-manager, and .kibana.

Note: the data in these system indices will contain data from all users and spaces in Kibana, and does not provide any access control - only users who should be able to read any Kibana data for any user in any space should be given this role.

image

For more information on the Kibana event log, see https://github.com/elastic/kibana/tree/master/x-pack/plugins/event_log

The .ndjson file is available via short URL https://git.io/JE8mL, but is a redirect, so use the curl option -L to access it.

To install into your Kibana from the command line, you can download the .ndjson file and then import into Kibana via Stack Management / Saved Objects / Import. Or use the following command:

curl -L https://git.io/JE8mL | curl $KBN_URL/api/saved_objects/_import "-Ffile=@-;filename=kibana-alerting-o11y.ndjson" -H "kbn-xsrf: foo"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment