Alerting for Elasticsearch and Kibana

Signals Alerting for Elasticsearch and Kibana detects data anomalies in your Elasticsearch cluster and sends notifications on various channels. Fully integrated with Search Guard Security. For free.


Elasticsearch Anomaly detection

Signals Alerting for Elasticsearch can detect anomalies in data stored in Elasticsearch and other IT systems. Correlate your existing Elasticsearch data with data from any REST endpoint, run calculations and statistics, and trigger a notification if an anomaly is detected. Fully integrated with Search Guard Security.

Alerting Actions & Notifications

If an anomaly is detected in your Elasticsearch data, you can use a wide range of connectors to send alerting notifications: create messages on Slack, send out an email, trigger a PagerDuty event, open a JIRA issue, write data back to Elasticsearch or post to a Webhook. Supports multiple connectors per Alert.

Escalation levels

The Signals Alerting for Elasticsearch escalation model makes it possible to tailor notifications and actions to your specific use case. Define how often alerts are sent to which connector, configure different thresholds and escalation levels and trigger one or more alerts for each level. If a detected anomaly is resolved, you can send out additional notifications as well.

Kibana User Interface & REST API

Signals Alerting for Elasticsearch ships with a fully fledged Kibana user interface which only requires a couple of clicks to set up alerts. You can use the Graph mode, Blocks mode or JSON mode based on the complexity of your use case. Use the extensive REST API to fully automate your alerts configuration.


Send out Email notifications by connecting to any SMTP provider. Supports TLS, StartTLS, Proxies and default fields.
Inform your team or individuals about anomalies by sending out a message on Slack.
Open PagerDuty incidents from Signals Alerting automatically. The connector supports resolving incidents in PagerDuty as soon as the watch has left the alert state.
Create, open or resolve JIRA issues based on the state of an alert. Supports labels, components, priorities and subtasks.
Post data generated by an alert to any system that supports Webhooks. Includes full control over all HTTP headers.
Write any data back to a local or remote Elasticsearch index for building time-series based datapoints.
Escalation by Severity Levels
Define severity levels and get notified on different channels for different levels. Send out Slack notifications for error conditions, and additional Email and PagerDuty alerts for critical conditions.
Resolve Notifications
A critical system condition is hopefully just temporary: Get notified once an alert is resolved and everything is back to normal.

Free Alerting for Elasticsearch and Kibana.
Bundled and integrated with Search Guard.

Single download and install
Signals Alerting is bundled with any Search Guard download for Elasticsearch > 7.4. A single plugin install that provides both Security and Alerting features. It was never easier to supercharge your Elasticsearch cluster.
Free Community Edition - forever
The Community Edition of Signals Alerting is free and will always be. Signals Alerting is ASL2 licensed, so you can use it for any project, commercial or other, and even bundle it with your own projects.
Fully integrated with Search Guard Security
Signals Alerting is fully integrated with all Search Guard Security features. Control access to alerts, configure who can receive notifications, separate alert access by using Search Guard Multi Tenancy and leverage advanced features like Document- and Field-level security.
Give Signals Alerting a spin!

Follow these simple steps to install Signals Alerting on your Elasticsearch cluster.