Critical alerts in your environment need to be delivered through a channel where you will actually see them right away. E-mail is always backlogged, and too many people filter alerts into a folder where they often end up sitting for hours, if not days. SMS and text-message alerts are ignored as often as car alarms for the same reason — there are just too many of them.
Noting the increasing use of Slack in the tech world, we are proud to announce the integration of WebHooks into our ELK Stack alerts mechanism. This new feature lets customers easily integrate our combined Elasticsearch, Logstash, and Kibana platform with Slack or any other third-party application or service that can accept WebHooks.
Using Slack to receive alerts makes it easy to get mobile notifications and collaborate as a team around production or support issues.
As an example, here is how you would add support for Slack integration to the Logz.io cloud-based ELK Stack as a service.
How to Integrate ELK Alerts and Slack
This tutorial assumes you have a Slack account. If not, you can go to slack.com to add one. It’s free (up to a point)!
Go to https://slack.com/apps and search for “Incoming WebHook”:
Select the account to which you want to send alerts:
Click “Add Configuration”:
Choose the Slack channel where you want to receive alerts, and click “Add Incoming WebHooks Integration”:
Get your Webhook URL (which we will use in a second):
Log into your Logz.io account (or create a new one there). Under the “Alerts” tab, select “Alert Endpoints” and then click on “Create Endpoint”:
Configure your endpoint:
- Under “Type” select “Slack”
- Under “Name” give your endpoint a unique name
- Under “Description” note what the endpoint is and why it exists
- Under “URL” paste the “Webhook URL” from Step 5
The form looks like this:
Save the endpoint and make sure it is working properly:
Configure an alert, and select the desired endpoint(s) under “Notification Endpoints.” Alerts can now be sent to those Slack locations in addition to e-mail addresses or as standalone notifications:
Wait for the alert to fire (as long as you have configured your log shipping to the Logz.io ELK properly, of course):
Be proud! Now, you can see all of your Logz.io ELK Stack alerts directly in your Slack feed along with your team messages and any other third-party integrations that you have created.
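A pre-flight check for the Webhook URL before it is pasted into the endpoint form, as an added example that is not part of the original post or of Logz.io's own code. The URL is the only credential Slack checks for an Incoming WebHook, so the script reads it from an environment variable and redacts it when printing. The function names, the `SLACK_WEBHOOK_URL` variable, the endpoint name `prod-alerts` and the sample URL are assumptions made for illustration.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

# Constructed placeholder in the shape Slack documents; not a live webhook.
SAMPLE_URL = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"


def validate_webhook_url(url):
    """Return a list of problems; an empty list means the URL looks usable."""
    parts = urlsplit(url.strip())
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.hostname != "hooks.slack.com":
        problems.append("host must be hooks.slack.com")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 4 or segments[0] != "services":
        problems.append("path must be /services/<team>/<config>/<token>")
    if url != url.strip():
        problems.append("leading or trailing whitespace from copy/paste")
    return problems


def redact(url):
    """Hide the token segment so the URL can be logged or shared in a ticket."""
    head, _, _token = url.strip().rpartition("/")
    return head + "/<redacted>"


def build_test_payload(endpoint_name):
    """Incoming WebHooks accept a JSON body with a 'text' field."""
    text = "Test alert for endpoint '%s'" % endpoint_name
    return json.dumps({"text": text}).encode("utf-8")


def send_test(url, endpoint_name):
    """POST the test message; Slack answers HTTP 200 with the body 'ok'."""
    req = urllib.request.Request(url, data=build_test_payload(endpoint_name),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status == 200 and resp.read() == b"ok"


if __name__ == "__main__":
    url = os.environ["SLACK_WEBHOOK_URL"]  # keep the URL out of source control
    issues = validate_webhook_url(url)
    print(redact(url), issues or send_test(url, "prod-alerts"))
```

If a Webhook URL has been pasted into a public channel, ticket or repository, remove that configuration in Slack and create a new one, then update the endpoint.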
The Greater Context
How do they use it? A Kibana dashboard contains numerous charts that each separately show the activity of an individual part of one’s environment. Any spike or trough in any visualization represents activity that needs to be checked.
In the past, the Kibana part of the open-source ELK Stack did not contain an alerting mechanism. We added one, and we have now integrated WebHooks and Slack as well — making Kibana the unparalleled visualization platform in the world.