New Blog --> Crushing False Positives: Supercharging SOC Efficiency with Smarter Threat Intel

ChaosSearch Blog

The Power of ChaosSearch Alerts


How can you derive value from data? One answer is to generate alerts based on the data. Alerts help your team stay on top of a variety of potential challenges – like application performance issues, security risks, disruptions to the CI/CD delivery chain and beyond.


ChaosSearch’s flexible alerting system makes it easy to generate alerts relevant to your organization’s needs. No matter where your data lives or which types of alerts you need to configure, ChaosSearch lets you do it – with a little help from Kibana along the way.

Here’s a look at how alerting works in ChaosSearch and what makes ChaosSearch alerting different from similar solutions.

ChaosSearch alerting overview

At ChaosSearch, we love open source and open standards. Therefore, it’s only natural that rather than building a proprietary alert engine from scratch, we integrated Kibana into ChaosSearch to drive alerts. Specifically, we use Kibana 7.10 from Amazon’s Open Distro for Elasticsearch.

You can configure alerts via Kibana in ChaosSearch by navigating to Analytics > Alerts. Alert configurations are based on three primary factors:

  • Monitor: The type of condition or event you want to be alerted about.
  • Trigger: The threshold value that should cause a monitored condition or event to fire off an alert.
  • Destination: The channel where alert data will be reported.

A flexible approach to alerting

Alongside open source tools like Kibana, we also love flexibility – which is why we designed ChaosSearch alerting to be as adaptable and customizable as possible. No matter which type (or types) of data you want to use to drive alerts, or where you want alerts to appear, it’s highly likely that ChaosSearch’s flexible alerting architecture will fit your needs.

ChaosSearch can monitor virtually any type of data source and generate alerts based on it. Some of the common examples of data sources we see our customers use for alerts include:

  • Application logs, including standard monolithic app logs as well as logs from microservices running on Kubernetes.
  • Authentication logs from systems like Okta, Auth0, Azure Active Directory and so on.
  • Cloud services logs, like CloudTrail, CloudWatch and VPC Flow Logs.
  • CDN or Web Application Firewall logs from providers such as Cloudflare, Fastly, and Akamai.
  • CI/CD pipeline logs from systems like Jenkins and GitHub.

The list could go on. As long as your data is stored in a standard log format, JSON or CSV, ChaosSearch can search, analyze and fire alerts based on it.

ChaosSearch’s Kibana implementation also supports a wide range of alert destinations. From incident response platforms like PagerDuty and OpsGenie, to project management systems like Jira, to real-time collaboration tools like Slack and Microsoft Teams, and beyond, you can send alert data to a system of your choosing.

And, in the rare event that ChaosSearch doesn’t offer an integration with your favorite alert destination out of the box, you can configure custom webhooks to send alerts to any RESTful API endpoint.
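To make the three factors above (monitor, trigger, destination) and the custom-webhook destination concrete, here is an added example that is not ChaosSearch’s code: it builds the monitor and destination documents in the shape the Open Distro alerting plugin behind Kibana 7.10 uses, for the security use case of a single account racking up failed logins, and mirrors the trigger condition in Python so you can see exactly when the threshold fires. The index name `auth-logs`, the fields `outcome` and `user.keyword`, the webhook URL and the destination id are constructed placeholders, and ChaosSearch configures all of this through the Kibana UI rather than a raw API, so treat the JSON as the underlying document shape only.

```python
"""Added example (not ChaosSearch's own code): build an Open Distro alerting
monitor, trigger and custom-webhook destination for a failed-login burst, and
mirror the trigger condition in Python to show what the threshold means.

Assumptions (not from the page): the index name, field names, the webhook URL
and the destination id are constructed placeholders; ChaosSearch configures
these through the Kibana UI, so this shows the underlying document shape only.
"""
import json


def build_destination(name: str, webhook_url: str) -> dict:
    """Destination: where alert data goes. A custom webhook accepts any
    RESTful endpoint; the header tells the receiver to parse JSON."""
    return {
        "name": name,
        "type": "custom_webhook",
        "custom_webhook": {
            "url": webhook_url,
            "header_params": {"Content-Type": "application/json"},
        },
    }


def painless_condition(agg_name: str, threshold: int) -> str:
    """Trigger condition as a Painless script: true when any per-user bucket
    in the aggregation reaches the threshold of failed logins."""
    return (
        f"for (def b : ctx.results[0].aggregations.{agg_name}.buckets) "
        f"{{ if (b.doc_count >= {threshold}) {{ return true; }} }} return false;"
    )


def build_monitor(index: str, destination_id: str, threshold: int = 10,
                  window_minutes: int = 5) -> dict:
    """Monitor: the scheduled search whose results the trigger inspects."""
    agg_name = "failed_by_user"
    return {
        "type": "monitor",
        "name": f"failed-login-burst-{index}",
        "enabled": True,
        "schedule": {"period": {"interval": 1, "unit": "MINUTES"}},
        "inputs": [{
            "search": {
                "indices": [index],
                "query": {
                    "size": 0,
                    "query": {"bool": {"filter": [
                        {"term": {"outcome": "failure"}},  # constructed field name
                        {"range": {"@timestamp": {"gte": f"now-{window_minutes}m"}}},
                    ]}},
                    "aggregations": {
                        agg_name: {"terms": {"field": "user.keyword", "size": 50}}
                    },
                },
            }
        }],
        "triggers": [{
            "name": "too-many-failures-for-one-user",
            "severity": "2",
            "condition": {"script": {"source": painless_condition(agg_name, threshold),
                                     "lang": "painless"}},
            "actions": [{
                "name": "notify-webhook",
                "destination_id": destination_id,  # id returned when the destination is created
                "subject_template": {"source": "Failed-login burst on {{ctx.monitor.name}}"},
                "message_template": {"source": "Trigger {{ctx.trigger.name}} fired at {{ctx.periodStart}}"},
                # Throttle so one noisy account does not page every minute.
                "throttle_enabled": True,
                "throttle": {"value": 15, "unit": "MINUTES"},
            }],
        }],
    }


def trigger_fires(search_response: dict, threshold: int,
                  agg_name: str = "failed_by_user") -> bool:
    """Python mirror of painless_condition(), evaluated on a search response
    the way the alerting plugin evaluates ctx.results[0]."""
    buckets = search_response["aggregations"][agg_name]["buckets"]
    return any(b["doc_count"] >= threshold for b in buckets)


# Constructed sample search response: what ctx.results[0] would hold after
# the monitor's query runs against the last five minutes of auth logs.
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 17, "relation": "eq"}},
    "aggregations": {"failed_by_user": {"buckets": [
        {"key": "alice", "doc_count": 2},
        {"key": "svc-backup", "doc_count": 12},
        {"key": "bob", "doc_count": 3},
    ]}},
}

if __name__ == "__main__":
    dest = build_destination("soc-webhook", "https://hooks.example.invalid/alerts")
    mon = build_monitor("auth-logs", destination_id="DESTINATION_ID_PLACEHOLDER")
    print(json.dumps(dest, indent=2))
    print(json.dumps(mon, indent=2))
    print("fires at threshold 10:", trigger_fires(SAMPLE_RESPONSE, 10))  # True (svc-backup)
    print("fires at threshold 50:", trigger_fires(SAMPLE_RESPONSE, 50))  # False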

READ: How Log Analytics Powers Cloud Operations: Three Best Practices for CloudOps Engineers

 

ChaosSearch alerting use cases

The flexibility of ChaosSearch alerting makes the platform’s alerting system well-suited to a variety of use cases.

IT teams can use ChaosSearch to monitor application and infrastructure logs, then generate alerts based on anomalies like high rates of application errors or slow transaction times.

DevOps teams can configure alerts in ChaosSearch to track CI/CD operations and generate DevOps analytics. That way, they’ll find out instantly and automatically when a build or deployment has failed, or when operations are taking longer than expected.

For security teams, ChaosSearch alerts can monitor application, authentication and firewall logs to detect risks like suspicious logins, malicious network activity and DDoS attacks.

Even less technical users, like product managers or customer success teams, can put ChaosSearch alerts to work to monitor data such as which features users engage with most often, or how product usage varies over time.

READ: How to Keep DevOps in Sync with Business Needs

 

ChaosSearch alerts vs. Elasticsearch Watcher

If you’re familiar with Elasticsearch, you may be wondering how ChaosSearch alerting compares to Watcher, the main alerting functionality in Elasticsearch.

The answer is that they are similar. However, we think ChaosSearch alerts are better than Watcher, for a few reasons:

  • ChaosSearch’s console makes it easier to configure alerts.
  • ChaosSearch offers a wider set of out-of-the-box alert destinations. In Elasticsearch, you’d have to configure most destinations manually.
  • Because alerting in ChaosSearch is powered by Amazon Open Distro’s Kibana, there is no risk of becoming encumbered by Elastic.co licensing restrictions.

 

With ChaosSearch You’re Covered

The bottom line is, no matter what data you need to monitor or which types of alerts you want to configure, ChaosSearch can do it all – and does so without requiring complex alert configurations or potential software licensing headaches.

Start Your Free Trial

 

Additional Resources

Read the Blog: Managing the Mess of Modern IT: Log Analytics and Operations Engineering

Watch the Webinar: Advanced Analytics - Data Architecture Best Practices for Advanced Analytics

Check out the Whitepaper: DevOps Forensic Files: Using Log Analytics to Increase Efficiency

About the Author, Dave Armlin

Dave Armlin is the VP Customer Success of ChaosSearch. In this role, he works closely with new customers to ensure successful deployments, as well as with established customers to help streamline integrating new workloads into the ChaosSearch platform. Dave has extensive experience in big data and customer success from prior roles at Hubspot, Deep Information Sciences, Verizon, and more. Dave loves technology and balances his addiction to coffee with quality time with his wife, daughter, and son as they attack whatever sport is in season. He holds a Bachelor of Science in Computer Science from Northeastern University. More posts by Dave Armlin