Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
61 commits
Select commit Hold shift + click to select a range
6ab58fb
[Alerting v2][Serverless]: Docs for initial public release (#5527)
nastasha-solomon Mar 17, 2026
3910ffd
Fix broken cross-references in kibana-alerting-v1 files
nastasha-solomon Mar 17, 2026
99f1fab
Add alerting v2 manifest
nastasha-solomon Mar 23, 2026
b965093
Merge origin/main into alerting-v2-docs
nastasha-solomon Mar 23, 2026
99e6ac9
Addresses issues in audit report
nastasha-solomon Mar 23, 2026
801e820
updated old terms
nastasha-solomon Mar 23, 2026
0526d32
fixed links
nastasha-solomon Mar 23, 2026
adc6f44
Remove implementation details
nastasha-solomon Mar 30, 2026
a758cb3
Merge branch 'main' into alerting-v2-docs
nastasha-solomon Mar 30, 2026
38d6001
Refresh and updates to event and action indices
nastasha-solomon Mar 30, 2026
1b3e321
Merge branch 'alerting-v2-docs' of https://github.com/elastic/docs-co…
nastasha-solomon Mar 30, 2026
13c9a8f
fix front matter
nastasha-solomon Mar 30, 2026
d28c440
Simplify table lead ins
nastasha-solomon Mar 30, 2026
0933fbf
re-adds episode.status_count
nastasha-solomon Mar 30, 2026
640efe7
Add unified Rules page note from main to create-manage-rules-v1
nastasha-solomon Apr 14, 2026
43eb7e0
Merge origin/main into alerting-v2-docs
nastasha-solomon Apr 14, 2026
a3973a0
Merge branch 'main' into alerting-v2-docs
nastasha-solomon Apr 16, 2026
e27659e
Fix
nastasha-solomon Apr 17, 2026
cd2a400
Merge remote-tracking branch 'origin/main' into alerting-v2-docs
nastasha-solomon Apr 17, 2026
43ebcf9
Changed instances of notification policy to action policy (#5978)
nastasha-solomon Apr 17, 2026
892a63d
Merge remote-tracking branch 'origin/rename-notification-policies' in…
nastasha-solomon Apr 17, 2026
3218bf4
fix(docs): register H1 anchor IDs for action policy redirect remaps
nastasha-solomon Apr 17, 2026
ccde9ff
Merge branch 'alerting-v2-docs' of https://github.com/elastic/docs-co…
nastasha-solomon Apr 17, 2026
beffb40
[Alerting v2] Adds to entry points and getting started (#5902)
nastasha-solomon Apr 21, 2026
18c71be
fix redirects
nastasha-solomon Apr 21, 2026
fad6482
fixe redirects
nastasha-solomon Apr 21, 2026
f2daea5
Merge branch 'main' into alerting-v2-docs
nastasha-solomon Apr 21, 2026
74977b3
More redirect fixes
nastasha-solomon Apr 21, 2026
98eb746
Merge branch 'main' into alerting-v2-docs
nastasha-solomon Apr 21, 2026
190d158
Merge branch 'main' into alerting-v2-docs
nastasha-solomon Apr 21, 2026
f967e8f
Adds conceptual content and renames files for alerting v2 (#6042)
nastasha-solomon Apr 21, 2026
5b464b6
Update file name refs
nastasha-solomon Apr 21, 2026
2c33baa
Merge branch 'main' into alerting-v2-docs
nastasha-solomon Apr 21, 2026
438ae27
even more file name ref updates
nastasha-solomon Apr 21, 2026
6692934
Adds quickstart guide and improves setup and orientation pages (#6045)
nastasha-solomon Apr 21, 2026
83ca2e7
updated notification ref
nastasha-solomon Apr 21, 2026
b68de17
fix applies to tags
nastasha-solomon Apr 21, 2026
7f888bc
fix typos
nastasha-solomon Apr 22, 2026
5bc08ad
fixed refs to renamed page
nastasha-solomon Apr 22, 2026
8ffd88f
updates toc
nastasha-solomon Apr 22, 2026
a56835a
remove old file
nastasha-solomon Apr 22, 2026
da070bb
Merge branch 'main' into alerting-v2-docs
nastasha-solomon Apr 24, 2026
89f953a
Adds more to dispatcher docs (#6114)
nastasha-solomon Apr 25, 2026
d7e7019
Merge branch 'main' into alerting-v2-docs
nastasha-solomon Apr 25, 2026
f0f33a1
Addresses some issues flagged by vale
nastasha-solomon Apr 26, 2026
583b481
Hid sections that are blocked
nastasha-solomon Apr 26, 2026
20cadee
fix tables and annotations
nastasha-solomon Apr 26, 2026
21ca754
Merge branch 'main' into alerting-v2-docs
nastasha-solomon Apr 27, 2026
65c5507
Merge branch 'main' into alerting-v2-docs
nastasha-solomon Apr 28, 2026
82fcaca
Merge branch 'main' into alerting-v2-docs
nastasha-solomon Apr 28, 2026
23aa518
Merge branch 'main' into alerting-v2-docs
nastasha-solomon Apr 28, 2026
0a4c0fe
Merge branch 'main' into alerting-v2-docs
nastasha-solomon May 1, 2026
30aca5f
Adds images
nastasha-solomon May 1, 2026
c279b06
Merge branch 'main' into alerting-v2-docs
nastasha-solomon May 1, 2026
baae64f
Merge remote-tracking branch 'origin/main' into alerting-v2-docs
nastasha-solomon May 13, 2026
9617140
Update explore-analyze/alerting/kibana-alerting-v2/notifications-v2.md
nastasha-solomon May 14, 2026
99827b3
Update explore-analyze/alerting/kibana-alerting-v1/alerting-setup-v1.md
nastasha-solomon May 14, 2026
299c0d9
Update explore-analyze/alerting/kibana-alerting-v2/alerts/view-and-ma…
nastasha-solomon May 14, 2026
5e01a8c
Apply suggestion from @nastasha-solomon
nastasha-solomon May 14, 2026
a438210
terminology consistency edits
nastasha-solomon May 14, 2026
486840c
frequency term consistency
nastasha-solomon May 14, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,10 @@

The instructions in this section describe how to connect the operator and managed resources to the Istio service mesh and assume that Istio is already installed and configured on your Kubernetes cluster. To know more about Istio and how to install it, check the [product documentation](https://istio.io).

These instructions have been tested with Istio 1.24.3. Older or newer versions of Istio might require additional configuration steps not documented here.

Check notice on line 15 in deploy-manage/deploy/cloud-on-k8s/k8s-service-mesh-istio.md

View workflow job for this annotation

GitHub Actions / build / vale

Elastic.Versions: Use 'or later' instead of 'or newer' when referring to versions.

::::{warning}
Some {{stack}} features such as [{{kib}} alerting and actions](/explore-analyze/alerting.md) rely on the {{es}} API keys feature which requires TLS to be enabled at the application level. If you want to use these features, you should not disable the self-signed certificate on the {{es}} resource and enable `PERMISSIVE` mode for the {{es}} service through a `DestinationRule` or `PeerAuthentication` resource. Strict mTLS mode is currently not compatible with {{stack}} features requiring TLS to be enabled for the {{es}} HTTP layer.
Some {{stack}} features such as [{{kib}} alerting and actions](/explore-analyze/alerting-overview.md) rely on the {{es}} API keys feature which requires TLS to be enabled at the application level. If you want to use these features, you should not disable the self-signed certificate on the {{es}} resource and enable `PERMISSIVE` mode for the {{es}} service through a `DestinationRule` or `PeerAuthentication` resource. Strict mTLS mode is currently not compatible with {{stack}} features requiring TLS to be enabled for the {{es}} HTTP layer.
::::


Expand Down
2 changes: 1 addition & 1 deletion deploy-manage/deploy/deployment-comparison.md
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ For more details about feature availability in {{serverless-short}}, refer to []
| Feature/capability | Fully self-managed, ECE, ECK | ECH | {{serverless-short}} |
|-------------------|-------------------------------|---------|----------------------|
| [Deployment health monitoring](/deploy-manage/monitor.md) | AutoOps or monitoring cluster | AutoOps or monitoring cluster | Managed by Elastic |
| [Alerting](/explore-analyze/alerting.md) | Watcher or {{kib}} alerts | Watcher or {{kib}} alerts | Alerts ([why?](/explore-analyze/alerting.md#watcher)) |
| [Alerting](/explore-analyze/alerting-overview.md) | Watcher or {{kib}} alerts | Watcher or {{kib}} alerts | Alerts ([why?](/explore-analyze/alerting-overview.md#watcher)) |

## Data lifecycle

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ $$$ec-restrictions-network-security-kibana-sso$$$
## {{kib}} [ec-restrictions-kibana]

* The maximum size of a single {{kib}} instance is 8GB. This means, {{kib}} instances can be scaled up to 8GB before they are scaled out. For example, when creating a deployment with a {{kib}} instance of size 16GB, then 2x8GB instances are created. If you face performance issues with {{kib}} PNG or PDF reports, the recommendations are to create multiple, smaller dashboards to export the data, or to use a third party browser extension for exporting the dashboard in the format you need.
* Running an external {{kib}} in parallel to {{ecloud}}’s {{kib}} instances may cause errors, for example [`Unable to decrypt attribute`](../../../explore-analyze/alerting/alerts/alerting-common-issues.md#rule-cannot-decrypt-api-key), due to a mismatched [`xpack.encryptedSavedObjects.encryptionKey`](kibana://reference/configuration-reference/security-settings.md#security-encrypted-saved-objects-settings) as {{ecloud}} does not [allow users to set](edit-stack-settings.md) nor expose this value. While workarounds are possible, this is not officially supported nor generally recommended.
* Running an external {{kib}} in parallel to {{ecloud}}’s {{kib}} instances may cause errors, for example [`Unable to decrypt attribute`](../../../explore-analyze/alerting/kibana-alerting-v1/alerting-common-issues-v1.md#rule-cannot-decrypt-api-key), due to a mismatched [`xpack.encryptedSavedObjects.encryptionKey`](kibana://reference/configuration-reference/security-settings.md#security-encrypted-saved-objects-settings) as {{ecloud}} does not [allow users to set](edit-stack-settings.md) nor expose this value. While workarounds are possible, this is not officially supported nor generally recommended.
* Workflows using the `elasticsearch.bulk` step might mishandle bulk operations in Elastic Cloud Hosted. Bulk action metadata (such as `index`, `create`, `update`, or `delete`) can be interpreted as document data, which might cause unexpected behavior for bulk operations beyond basic indexing. The workaround is to use a generic Elasticsearch request action in the workflow to call the Bulk API directly instead of using the `elasticsearch.bulk` step. For more information, refer to [Generic request actions](https://www.elastic.co/docs/explore-analyze/workflows/steps/elasticsearch#generic-request-actions). This issue is fixed in Serverless deployments.


Expand Down
2 changes: 1 addition & 1 deletion deploy-manage/deploy/elastic-cloud/tools-apis.md
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,7 @@ serverless: unavailable

## Elastic Cloud email service

{{ecloud}} provides a built-in email service used by the preconfigured [email connector](kibana://reference/connectors-kibana/email-action-type.md), available in both {{ech}} deployments and {{serverless-full}} projects. This service can be used to send [alert](/explore-analyze/alerting/alerts.md) notifications and is also supported in {{ech}} by [Watcher](/explore-analyze/alerting/watcher/enable-watcher.md).
{{ecloud}} provides a built-in email service used by the preconfigured [email connector](kibana://reference/connectors-kibana/email-action-type.md), available in both {{ech}} deployments and {{serverless-full}} projects. This service can be used to send [alert](/explore-analyze/alerting/kibana-alerting-v1.md) notifications and is also supported in {{ech}} by [Watcher](/explore-analyze/alerting/watcher/enable-watcher.md).

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does v2 not use the email service?

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes but not directly. It would be indirectly via workflow - > connectors


### Email service limits

Expand Down
4 changes: 2 additions & 2 deletions deploy-manage/manage-connectors.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ You can find the **{{connectors-ui}}** management page in the navigation menu or

## Required permissions [_required_permissions_2]

Access to connectors is granted based on your privileges to alerting-enabled features. For more information, go to [Security](../explore-analyze/alerting/alerts/alerting-setup.md#alerting-security).
Access to connectors is granted based on your privileges to alerting-enabled features. For more information, go to [Security](../explore-analyze/alerting/kibana-alerting-v1/alerting-setup-v1.md#alerting-security).

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if connectors are only used by alerting v1 (or rely on a permission set only used by alerting v1), we might need to edit this page further.


## Connector networking configuration [_connector_networking_configuration]

Expand Down Expand Up @@ -92,6 +92,6 @@ If a connector is missing sensitive information after the import, a **Fix** butt

## Monitoring connectors [monitoring-connectors]

You can query the [Event log index](/explore-analyze/alerting/alerts/event-log-index.md) to gather information on connector successes and failures.
You can query the [Event log index](/explore-analyze/alerting/kibana-alerting-v1/event-log-index-v1.md) to gather information on connector successes and failures.

If you're using {{stack}}, then you can also use the [Task Manager health API](/deploy-manage/monitor/kibana-task-manager-health-monitoring.md) to monitor connector performance. However, if connectors fail to run, they will report as successful to Task Manager. The failure stats will not accurately depict connector failures.
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,7 @@ The Runtime `status` indicates whether task executions have exceeded any of the
::::{important}
Some tasks (such as [connectors](../manage-connectors.md)) will incorrectly report their status as successful even if the task failed. The runtime and workload block will return data about success and failures and will not take this into consideration.

To get a better sense of action failures, refer to the [Event log index](../../explore-analyze/alerting/alerts/event-log-index.md) for more accurate context into failures and successes.
To get a better sense of action failures, refer to the [Event log index](../../explore-analyze/alerting/kibana-alerting-v1/event-log-index-v1.md) for more accurate context into failures and successes.
::::

The Capacity Estimation `status` indicates the sufficiency of the observed capacity. An `OK` status means capacity is sufficient. A `Warning` status means that capacity is sufficient for the scheduled recurring tasks, but non-recurring tasks often cause the cluster to exceed capacity. An `Error` status means that there is insufficient capacity across all types of tasks.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ products:

# Stack monitoring alerts [kibana-alerts]

The {{stack}} {{monitor-features}} provide [Alerting rules](../../../explore-analyze/alerting/alerts.md) out-of-the box to notify you of potential issues in the {{stack}}. These rules are preconfigured based on the best practices recommended by Elastic. However, you can tailor them to meet your specific needs.
The {{stack}} {{monitor-features}} provide [Alerting rules](../../../explore-analyze/alerting/kibana-alerting-v1.md) out-of-the box to notify you of potential issues in the {{stack}}. These rules are preconfigured based on the best practices recommended by Elastic. However, you can tailor them to meet your specific needs.

:::{image} /deploy-manage/images/kibana-monitoring-kibana-alerting-notification.png
:alt: {{kib}} alerting notifications in {{stack-monitor-app}}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ products:

2. Adjust the time period for the visualizations as needed.

3. From this page you can also [create alerts](/explore-analyze/alerting/alerts/create-manage-rules.md) to be triggered when the {{integrations-server}} metrics meet a defined set of conditions.
3. From this page you can also [create alerts](/explore-analyze/alerting/kibana-alerting-v1/create-manage-rules-v1.md) to be triggered when the {{integrations-server}} metrics meet a defined set of conditions.

**To view metrics for a specific {{integrations-server}} instance:**

Expand All @@ -41,4 +41,4 @@ products:

1. Adjust the time period for the visualizations as needed.

1. As with the **APM server overview** page, you can also [create alerts](/explore-analyze/alerting/alerts/create-manage-rules.md) to be triggered when the instance metrics meet a defined set of conditions.
1. As with the **APM server overview** page, you can also [create alerts](/explore-analyze/alerting/kibana-alerting-v1/create-manage-rules-v1.md) to be triggered when the instance metrics meet a defined set of conditions.
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ Rule and action tasks can run late or at an inconsistent schedule. This is typic

You can address such issues by tweaking the [Task Manager settings](kibana://reference/configuration-reference/task-manager-settings.md) or scaling the deployment to better suit your use case.

For detailed guidance, see [Alerting Troubleshooting](../../explore-analyze/alerting/alerts/alerting-troubleshooting.md).
For detailed guidance, see [Alerting Troubleshooting](../../explore-analyze/alerting/kibana-alerting-v1/alerting-troubleshooting-v1.md).

::::

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ How you deploy {{kib}} largely depends on your use case. If you are the only use

## Scalability

With the introduction of new capabilities such as [{{kib}} Alerting](/explore-analyze/alerting.md) and the [Detection Rules](/solutions/security/detect-and-alert.md) engine, critical components for [Observability](/solutions/observability.md) and [Security](/solutions/security.md) solutions, the scalability factors have evolved significantly.
With the introduction of new capabilities such as [{{kib}} Alerting](/explore-analyze/alerting-overview.md) and the [Detection Rules](/solutions/security/detect-and-alert.md) engine, critical components for [Observability](/solutions/observability.md) and [Security](/solutions/security.md) solutions, the scalability factors have evolved significantly.
Comment thread
nastasha-solomon marked this conversation as resolved.

Now, Kibana’s resource requirements extend beyond user activity. The system must also handle workloads generated by automated processes, such as scheduled alerts, background detection rules, and other periodic tasks. These operations are managed by [{{kib}} Task Manager](./kibana-task-manager-scaling-considerations.md), which is responsible for scheduling, executing, and coordinating all background tasks.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,9 @@
- id: kibana
---

# {{kib}} task manager: performance and scaling guide [task-manager-production-considerations]

Check notice on line 15 in deploy-manage/production-guidance/kibana-task-manager-scaling-considerations.md

View workflow job for this annotation

GitHub Actions / build / vale

Elastic.HeadingColons: Capitalize ': p'.

{{kib}} Task Manager is leveraged by features such as [alerting](/explore-analyze/alerting/alerts.md), [actions](/explore-analyze/alerting/alerts.md#rules-actions), and [reporting](/explore-analyze/report-and-share.md) to run mission critical work as persistent background tasks. These background tasks distribute work across multiple {{kib}} instances. This has three major benefits:
{{kib}} Task Manager is leveraged by features such as [alerting](/explore-analyze/alerting/kibana-alerting-v1.md), [actions](/explore-analyze/alerting/kibana-alerting-v1.md#rules-actions), and [reporting](/explore-analyze/report-and-share.md) to run mission critical work as persistent background tasks. These background tasks distribute work across multiple {{kib}} instances. This has three major benefits:

- **Persistence**: All task state and scheduling is stored in {{es}}, so if you restart {{kib}}, tasks will pick up where they left off.
- **Scaling**: Multiple {{kib}} instances can read from and update the same task queue in {{es}}, allowing the work load to be distributed across instances. If a {{kib}} instance no longer has capacity to run tasks, you can increase capacity by adding additional {{kib}} instances.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ This guide introduces you to three basic user and access management features: [s

Do you have multiple teams using {{kib}}? Do you want a “playground” to experiment with new visualizations or rules? If so, then [{{kib}} Spaces](../../manage-spaces.md) can help.

Think of a space as another instance of {{kib}}. A space allows you to organize your [dashboards](../../../explore-analyze/dashboards.md), [rules](../../../explore-analyze/alerting/alerts.md), [machine learning jobs](../../../explore-analyze/machine-learning/machine-learning-in-kibana.md), and much more into their own categories. For example, you might have a **Marketing** space for your marketers to track the results of their campaigns, and an **Engineering** space for your developers to [monitor application performance](/solutions/observability/apm/index.md).
Think of a space as another instance of {{kib}}. A space allows you to organize your [dashboards](../../../explore-analyze/dashboards.md), [rules](../../../explore-analyze/alerting/kibana-alerting-v1.md), [machine learning jobs](../../../explore-analyze/machine-learning/machine-learning-in-kibana.md), and much more into their own categories. For example, you might have a **Marketing** space for your marketers to track the results of their campaigns, and an **Engineering** space for your developers to [monitor application performance](/solutions/observability/apm/index.md).

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in this context we maybe want to link to the general alerting page (if spaces are relevant still to v2), because spaces work for stack + serverless


The assets you create in one space are isolated from other spaces, so when you enter a space, you only see the assets that belong to that space.

Expand Down
Loading
Loading