Skip to Content
Technical Articles

SAP Cloud Platform Alert Notification – receive alerts from Kibana

The efficient management of business-critical systems requires not only a powerful monitoring but also a truly reliable alerting mechanism. When it comes to monitoring, any system needs a different set of tools and utilities to ensure that each potential issue is prevented or noticed as soon as it happens. On the other hand when it comes to alerting, any support team needs one and the same – real-time alerting from all system components to the preferred and easy-to-use channel, where immediate action is taken. One year ago, SAP Cloud Platform introduced the SAP Cloud Platform Alert Notification service – the real-time alerting tool that gathers information throughout the entire platform, then delivers it conveniently to everyone who needs it. Now – an year later, we expand beyond the SAP Cloud Platform, so that we can satisfy the diversity of needs among our customers and partners. We introduce the possibility to gather information from third-party and open source monitoring tools. Only with such integrations, we could achieve the unified alerting model among all components part of a business-critical system.

Today, we will focus on how to adopt the common alerting model when we have Kibana for application monitoring in place. Especially, we will explore the case when Kibana’s version is equal to or higher than 7.7. where it is for the first time exposed their new alerting framework which is capable of raising alerts from within the SIEM, APM, Metrics, and Uptime applications.

Throughout the blog post, we will walk through the simple steps to feed a  simple index threshold alert into SAP Cloud Platform Alert Notification service. Then we will receive this alert as an e-mail message to verify that it looks like just any other SAP Cloud Platform event.

As prerequisites, two points are needed before starting:

 

Set up SAP Cloud Platform Alert Notification


At first, we need to get credentials that allow Kibana to send alerts to Alert Notification. For this purpose let’s navigate to our Alert Notification instance using the SAP Cloud Platform Cockpit, then go to the Security menu (for Neo accounts) or to the Service Keys menu (for Cloud Foundry accounts). Now we are ready to create a credentials pair of type BASIC authentication that has the ALERT_WRITE permission. To achieve this, do the following according to your environment:

  • for Neo, follow the steps described here

Create%20technical%20client%20in%20Neo%20environment

  • for Cloud Foundry, follow the steps described here

Create%20service%20key%20in%20Cloud%20Foundry%20environment

Once, the credential pair is created, make sure to save the client id and client secret in a secure place, so that we could use them later while configuring Kibana.

The second point of our Alert Notification setup is the configuration that tells it how to react when a Kibana alert is received. Let’s start by setting up a simple Alert Notification configuration that will catch any Kibana alert coming, then it will send it to my.mailbox@sap.com. If you want to further filter the upcoming alerts, you could do it later as described in Managing Subscriptions.

You can replicate the configuration in your SAP Cloud Platform Alert Notification instance by the Import feature of the service. Below is the payload you need to import.

Do not forget to replace the e-mail destination with your own email address. After importing, you will receive an automatic message that prompts you to confirm your willingness to receive events on this address.

{ 
  "conditions": [ 
    { 
       "name": "AllKibanaAlerts", 
       "propertyKey": "eventType", 
       "predicate": "STARTS_WITH", 
       "propertyValue": "KibanaAlert" 
    } 
  ], 
  "actions": [ 
    { 
       "name": "NotifyMeByEmail", 
       "state": "ENABLED", 
       "destination": "<your.email@here>", 
       "type": "EMAIL" 
    } 
  ], 
  "subscriptions": [ 
    { 
       "name": "AllKibanaAlertsToMyEmail", 
       "conditions": [ 
           "AllKibanaAlerts" 
       ], 
       "actions": [ 
           "NotifyMeByEmail" 
       ], 
       "state": "ENABLED" 
    } 
  ] 
} 

 

 

Set up Kibana Alerts


Note: The screenshots below are taken from Kibana 7.9.1.

After launching your Kibana instance, navigate to its Management section, then Stack Management. In the Alerts and Insights menu, select Alerts and Actions. You will end up in a view like this:

Let’s start by creating a connector that will route alerts to Alert Notification. Navigate to the Connectors tab, then click on Create connector:

  1. Select a connector of type Webhook
  2. Provide it a name
  3. Choose the POST method
  4. Insert an URL to the SAP Cloud Platform Alert Notification Producer API. Notes on how to extract it:
    • for Neo accounts, it is the base Event Producer URL, followed by /neo/producer/v1/resource-events. The base Event Producer URL is available in the Security view of your Alert Notification instance in the SAP Cloud Platform Cockpit:

    • for Cloud Foundry accounts, it is the url available in your Service Key, followed by /cf/producer/v1/resource-events:

    •  

  5. Enter username and password – those are the client id and client secret we saved previously
  6. Add Content-Type header with value application/json

Here is how my connector looks like when my Alert Notification instance is located in Europe (Frankfurt):

Having a connector set up, we are ready to create also an alert. Let’s navigate to the Alerts tab and click on Create alert button. We will create very simple Index threshold alert that could be triggered either in well-setup Kibana environment or in a brand new one:

  • Provide alert name, some tags (optional), checks and notifications frequencies:

  • Select the trigger type and set it up accordingly – index name, grouping field and condition shall be adapted according to your own Kibana environment. In this example, I’ve used the default index in my trial deployment with sample data :

  • Finally, we select an action to be executed on raising such an alert – we’ll use the webhook to Alert Notification we’ve just created with the following sample payload:
    {
        "eventType": "KibanaAlert",
        "resource": {
            "resourceName": "{{alertName}}",
            "resourceType": "cloud-resource",
            "tags": {
                "spaceId": "{{spaceId}}"
            }
        },
        "severity": "INFO", 
        "category": "ALERT", 
        "subject": "Alert '{{alertName}}' triggered",
        "body": "Index threshold alert with name {{actionName}} was triggered.",
        "tags": {
            "alertInstanceId": "{{alertInstanceId}}",
            "alertId": "{{alertId}}",
            "tags": "{{tags}}"
        }
    }​

After saving the alert, wait for a couple of minutes and check your mailbox. You will receive an SAP Cloud Platform Alert Notification event as follows:

 

Would you like to further explore this scenario? See Integrating with Kibana at SAP Help Portal.


This blog post is part of a series of blog posts related to integration between third-party monitoring tools and SAP Cloud Platform Alert Notification service. We will continuously add newly released integrations to this blog, so stay tuned!

We ask you – our customers and partners – to join us in our integration journey! Tell us what you use for monitoring solutions, what you need to integrate with them; tell us your experience, and what your alerting needs are!

1 Comment
You must be Logged on to comment or reply to a post.