Era Software

Alerting with EraSearch

This page shows how to use alerting in the EraSearch UI. By the end of this guide, you'll have an alert rule that sends alert notifications to Slack.

While this guide uses Slack as the notification channel, the UI also supports PagerDuty and Webhooks.

Before you begin

The steps below assume you have an EraCloud account and a Slack Webhook URL.

Sample data

This guide creates an alert on sample, real-time data. See steps one and two in Writing data with Vector to use the same data.


Step 1: Access the EraSearch UI

To get to the EraSearch UI, sign in to your EraCloud account and click EraSearch UI.

Step 2: Configure the notification channel

Follow these steps to create a Slack notification channel:

  1. Click the Alerts tab, then click + Add channel
  2. Configure your notification channel:
    1. For Name, give your notification channel a name, for example, Team alerts channel
    2. For Type, select Slack
    3. For Webhook URL, enter your existing Slack Webhook URL
    4. For the last input, enter the channel associated with your Slack Webhook URL, for example, team-alerts
  3. Click Save notification

Step 3: Configure the alert rule

Follow these steps to configure and test your alert rule:

  1. In the EraSearch UI, click + Add rule
  2. Set the details for your alert rule:
    1. For Name, give a name that'll appear in the alert notification
      • Example: GET 404 errors
    2. For Description, add details you want to include in the alert notification
      • Example: Check backend services
    3. For Query, enter a query using Elasticsearch's query string syntax
      • Example: code:404 AND method:GET AND size:>3000
  3. Set the conditions for your alert rule by selecting items in the IF, WITHIN, and NOTIFY drop-downs
  4. Click Test rule to check your configuration and get a sample alert notification in Slack
  5. Click Save rule to enable the alert rule

You've officially configured an alert! Note that you can click the megaphone icon to mute and unmute your alert in the UI.
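
The example below is added here and is not part of the EraSearch documentation or product code. It evaluates the Step 3 example query against constructed log events, so you can check offline which events a rule would match and whether a count-in-window condition would trigger. It supports only `field:value` and `field:>N` terms joined by `AND`; the `threshold` and `within` parameters stand in for the IF and WITHIN drop-downs and, like the event fields and exact string matching, are assumptions.

```python
import re
from datetime import datetime, timedelta

QUERY = "code:404 AND method:GET AND size:>3000"  # example query from Step 3
OPS = {">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
       "<": lambda a, b: a < b, "<=": lambda a, b: a <= b}

def parse_query(query):
    """Parse `field:value` / `field:>N` terms joined by AND (subset only)."""
    terms = []
    for part in re.split(r"\s+AND\s+", query.strip()):
        m = re.fullmatch(r"(\w+):(>=|<=|>|<)?(\S+)", part)
        if not m:
            raise ValueError(f"unsupported term: {part!r}")
        terms.append(m.groups())  # (field, operator or None, value)
    return terms

def matches(event, terms):
    """True when the event satisfies every term."""
    for field, op, value in terms:
        if field not in event:
            return False
        if op is None:
            if str(event[field]) != value:  # assumption: exact, case-sensitive match
                return False
        else:
            try:
                if not OPS[op](float(event[field]), float(value)):
                    return False
            except (TypeError, ValueError):
                return False  # non-numeric field cannot satisfy a range term
    return True

def would_fire(events, query, threshold, within):
    """True if >= `threshold` (at least 1) matching events fall inside one `within` window."""
    terms = parse_query(query)
    times = sorted(e["ts"] for e in events if matches(e, terms))
    return any(times[i + threshold - 1] - times[i] <= within
               for i in range(len(times) - threshold + 1))

T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE_EVENTS = [  # constructed events shaped like HTTP access logs
    {"ts": T0, "code": 404, "method": "GET", "size": 4200},
    {"ts": T0 + timedelta(seconds=30), "code": 404, "method": "GET", "size": 1200},
    {"ts": T0 + timedelta(seconds=60), "code": 404, "method": "POST", "size": 5000},
    {"ts": T0 + timedelta(seconds=90), "code": 404, "method": "GET", "size": 3500},
    {"ts": T0 + timedelta(minutes=10), "code": 404, "method": "GET", "size": 9000},
]
print(would_fire(SAMPLE_EVENTS, QUERY, threshold=2, within=timedelta(minutes=5)))
```

Three of the five constructed events match the query; the second fails the size bound and the third has the wrong method.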

Next steps

Visit these pages for more on working with and exploring data in EraSearch: