  1. Select the Acknowledge alerts in X-Pack Alerting checkbox in the Outgoing section of the integration configuration page.

  2. Edit the integration settings and select Authenticate with an X-Pack Alerting account. Set the following values:

    1. Enter the action ID into X-Pack Alerting Action Id.

    2. Enter your X-Pack Alerting host URL into X-Pack Alerting Host URL. Specify the full URL address as [protocol]://yourserveraddr:[port]. For example: http://yourserver.com:9200

  3. Select Save.

Sample payload

In JSON format:
{
  "id": "event_critical_watch_249-2016-09-28T11:31:05.955Z",
  "vars": {},
  "trigger": {
    "triggered_time": "2016-09-28T11:31:05.955Z",
    "scheduled_time": "2016-09-28T11:31:05.511Z"
  },
  "execution_time": "2016-09-28T11:31:05.955Z",
  "watch_id": "event_critical_watch",
  "payload": {
    "hits": {
      "total": 1,
      "hits": [
        {
          "_type": "event",
          "_source": {
            "eventDescription": "System has detected 3 failed login attempts",
            "eventId": 1,
            "eventName": "3 failed login attempts",
            "eventType": "LOG",
            "eventCategory": "CRITICAL"
          },
          "_id": 1,
          "_index": "event",
          "_score": 0.30685282
        }
      ],
      "max_score": 0.30685282
    },
    "_shards": {
      "total": 1,
      "failed": 0,
      "successful": 1
    },
    "timed_out": false,
    "took": 1
  },
  "metadata": "null"
}
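
Added example (not from the original page or the product's own code): one way a receiving service could validate a watch payload of the shape shown above before turning it into an alert. The function name parse_watch_payload, the MAX_HITS cap and the returned field names are assumptions; the sample input is constructed from the page's payload.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of the page's payload (trimmed to the fields used).
SAMPLE = json.dumps({
    "id": "event_critical_watch_249-2016-09-28T11:31:05.955Z",
    "trigger": {"triggered_time": "2016-09-28T11:31:05.955Z"},
    "watch_id": "event_critical_watch",
    "payload": {"hits": {"total": 1, "hits": [{"_id": 1, "_index": "event", "_source": {
        "eventName": "3 failed login attempts", "eventCategory": "CRITICAL"}}]},
        "timed_out": False},
    "metadata": "null",
})

MAX_HITS = 100  # assumption: upper bound on hits processed per delivery


def parse_watch_payload(raw):
    """Validate a watch execution payload and return a flat alert summary."""
    doc = json.loads(raw)
    if not isinstance(doc, dict):
        raise ValueError("payload must be a JSON object")
    watch_id = doc.get("watch_id")
    if not isinstance(watch_id, str) or not watch_id:
        raise ValueError("watch_id missing or not a string")
    trigger = doc.get("trigger")
    stamp = trigger.get("triggered_time") if isinstance(trigger, dict) else None
    if not isinstance(stamp, str):
        raise ValueError("trigger.triggered_time missing")
    # Timestamps in the sample are UTC with milliseconds and a trailing Z.
    triggered = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    body = doc.get("payload")
    hits = body.get("hits") if isinstance(body, dict) else None
    rows = hits.get("hits") if isinstance(hits, dict) else None
    if not isinstance(rows, list):
        raise ValueError("payload.hits.hits missing or not a list")
    events = []
    for row in rows[:MAX_HITS]:
        src = row.get("_source") if isinstance(row, dict) else None
        if isinstance(src, dict):  # skip hits that carry no usable _source object
            events.append({"id": str(row.get("_id")), "name": str(src.get("eventName", "")),
                           "category": str(src.get("eventCategory", "")).upper()})
    # The sample carries metadata as the string "null"; anything but an object becomes {}.
    meta = doc.get("metadata")
    return {"watch_id": watch_id, "execution_id": str(doc.get("id", "")),
            "triggered": triggered, "events": events,
            "incomplete": bool(body.get("timed_out")) or len(rows) > MAX_HITS,
            "metadata": meta if isinstance(meta, dict) else {}}
```

The incomplete flag marks deliveries where the search timed out or more hits arrived than the cap allows, so a consumer can tell a partial result from a full one.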
