Kibana with X-Pack on Aptible

I’d love to get alerts based on my ELK stack, which I set up in Enclave. Anyone have any advice about getting a Kibana-with-X-Pack container going in Enclave? Anyone know of a reason why running the available docker image with X-Pack wouldn’t run on Enclave?
Thanks,
Jessica

Hi Jessica,

Regarding the X-Pack alerting plugin: we may be able to install it for you, but you’d need to provide us with an Elasticsearch license to do so; it’s not abundantly clear from the Elastic documentation, but the X-Pack is actually something you need to pay for (at the “Gold” level, for Alerting via Watcher): https://www.elastic.co/subscriptions.

Assuming you commit to purchasing an Elasticsearch license, we should be able to coordinate the installation of the plugin.

There might be a bit of engineering work required for us to support this, so here’s what we suggest:

  • Reach out to Elasticsearch and investigate whether their pricing works for you.
  • If it does, let us know and we’ll investigate adding support.
  • Once we give you the go-ahead, buy the license, and we’ll set things up for you.

If you’re looking for alternatives, you might consider using a third-party logging provider instead of a self-hosted ELK stack. LogDNA and Sumo Logic both sign BAAs, for example, and provide friendly UIs that include functionality to set up log-based alerts.

— Frank

Thanks, Frank, for the clarification. I didn’t know that Watcher wasn’t free.
With that in mind, and since I’m already using Sumo Logic on a free plan for our non-prod environments, my next step will be to explore a Sumo Logic plan with a BAA.
Jessica

Hi @jessica,

For what it’s worth, we’ve been on a paid plan with Sumo Logic (that includes a BAA) and we’ve been happy with them. Aptible of course makes the integration dead easy, like you’ve probably already seen from the free plan.

If we can answer any questions or help with anything, feel free to reach out any time.

Thanks,
-Joe

Thanks @JoeSchmid for the vote of confidence. One question comes to mind: do you happen to use New Relic Insights? I hear there is a Sumo Logic integration possible with New Relic, if you have the necessary plans on each service.

@jessica we use DataDog rather than New Relic so I don’t have any experience with that one in particular. The webhook-based SumoLogic integrations (like for New Relic) seem pretty straightforward though so I would think that’s a viable option - definitely worth testing out in a trial mode if you can.

Hey @jessica - quite late with my reply, but for what it’s worth, I was testing Elastalert (https://github.com/Yelp/elastalert) deployed in Aptible as a free alternative for Elasticsearch monitoring (as the Elasticsearch licence to get X-Pack was quite pricey). It works pretty nicely: we have one Elastalert app deployed in our monitoring environment and wrote a bunch of alerting rules to run against any number of ES DBs deployed in other environments. Happy to provide more details if anyone is interested.
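As an added illustration of the setup described in the post above (this is not the poster’s own configuration, nor anything shipped by Elastalert or Aptible), here is what a single Elastalert deployment watching several Elasticsearch databases looks like. The global config.yaml names one cluster; each rule file can override es_host/es_port and credentials to point at a different database, which is how one Elastalert app covers databases in other environments. The hostnames, index pattern, credentials and webhook URL are placeholders and are assumed, not taken from the thread.

```yaml
# config.yaml: global settings for the single Elastalert app.
# es_host here is only the default; rules may point elsewhere.
rules_folder: rules
run_every:
  minutes: 1
buffer_time:
  minutes: 5
es_host: es-monitoring.example.internal   # placeholder hostname
es_port: 9200
writeback_index: elastalert_status        # where Elastalert records its own state
alert_time_limit:
  days: 2

---
# rules/prod_failed_logins.yaml: one rule, targeting the PRODUCTION database,
# not the default cluster above. Every connection key below overrides config.yaml.
name: prod - failed login spike
type: frequency
es_host: es-prod.example.internal         # placeholder: the prod ES endpoint
es_port: 9200
use_ssl: true
es_username: elastalert                   # placeholder: a read-only user for alerting
es_password: REPLACE_WITH_SECRET          # placeholder: inject from your secrets store
index: logstash-*
# Fire when 20 or more matching events arrive within 5 minutes.
num_events: 20
timeframe:
  minutes: 5
filter:
- query:
    query_string:
      query: 'message:"authentication failure"'
# Suppress repeat alerts for the same rule for 30 minutes after it fires.
realert:
  minutes: 30
alert:
- slack
slack_webhook_url: https://hooks.slack.com/services/REPLACE_ME   # placeholder
```

The two documents are separated here only for display; in practice config.yaml sits at the app root and each rule is its own file under rules/. Keeping the credentials per rule means each environment's database can be queried with its own least-privileged read-only account rather than one shared login, and `realert` keeps a sustained burst of failures from paging repeatedly. Test a rule before deploying it with `elastalert-test-rule rules/prod_failed_logins.yaml`, which runs the query against the target cluster without sending alerts.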