Signals Alerting for Elasticsearch

Signals Alerting detects data anomalies in your Elasticsearch cluster and sends notifications by using a fully fledged escalation model. Perfectly integrated with Search Guard Security.


Anomaly detection

Signals Alerting can detect anomalies in data stored in Elasticsearch and other IT systems. Correlate your existing Elasticsearch data with data from any REST endpoint, run calculations and statistics, and trigger notifications if an anomaly is detected. Fully integrated with Search Guard Security.

Actions & Notifications

If an anomaly is detected you can use a wide range of connectors to trigger an action: create messages on Slack, send out an email, trigger a PagerDuty event, open a JIRA issue, write data back to Elasticsearch or post to a Webhook. Signals supports multiple connectors per alert.

Escalation levels

The Signals Alerting escalation model makes it possible to tailor notifications and actions to your specific use case. Define how often notifications are sent to which connector, configure different thresholds and escalation levels, and trigger one or more actions for each level. If a detected anomaly is resolved, you can send out additional notifications as well.

User Interface & REST API

Signals Alerting ships with a fully fledged Kibana user interface which only requires a couple of clicks to set up alerts. You can use the Graph mode, Blocks mode or JSON mode based on the complexity of your use case. The extensive REST API makes it possible to fully automate configuration.

Connectors

Email
Send out email notifications by connecting to any SMTP provider. Supports TLS, STARTTLS, proxies and default fields.
Slack
Inform your team or individuals about anomalies by sending out a message on Slack.
PagerDuty
Open PagerDuty incidents from Signals Alerting automatically. The connector supports resolving incidents in PagerDuty as soon as the watch has left the alert state.
JIRA
Create, open or resolve JIRA issues based on the state of an alert. Supports labels, components, priorities and subtasks.
Webhooks
Post data generated by an alert to any system that supports Webhooks. Includes full control over all HTTP headers.
Elasticsearch
Write any data back to a local or remote Elasticsearch index for building time-series-based data points.
Escalation by Severity Levels
Define severity levels and get notified on different channels for different levels. Send out Slack notifications for error conditions, and additional Email and PagerDuty alerts for critical conditions.
Resolve Notifications
A critical system condition is hopefully just temporary: Get notified once an alert is resolved and everything is back to normal.
Free Alerting for Elasticsearch.
Bundled and integrated with Search Guard.
Single download and install
Signals Alerting is bundled with any Search Guard download for Elasticsearch > 7.4. A single plugin install provides both Security and Alerting features. It has never been easier to supercharge your Elasticsearch cluster.
Free Community Edition - forever
The Community Edition of Signals Alerting is free and will always be. Signals Alerting is ASL2 licensed, so you can use it for any project, commercial or other, and even bundle it with your own projects.
Fully integrated with Search Guard Security
Signals Alerting is fully integrated with all Search Guard Security features. Control access to alerts, configure who can receive notifications, separate alert access by using Search Guard Multi Tenancy, and leverage advanced features like document- and field-level security.
Give Signals Alerting a spin!

Follow these simple steps to install Signals Alerting to your Elasticsearch cluster.