To create a watch, log in to Kibana (http://localhost:5601) as elastic/elastic and navigate to the Management UI; click on Watcher in the Elasticsearch section. Two options are available for creating alerts:
- Create threshold alert
- Create advanced watch:
By using the Threshold alert option, you can create a threshold-based alert to get notified when a metric goes above or below a given threshold. Using this UI, users can easily create threshold-based alerts without worrying about directly working with raw JSON requests. This UI provides options for creating alerts on time-based indices only (that is, the index has a timestamp).
Using the Advanced watch options, you can create watches by directly working with the raw .json required for the watches API.
The Watcher UI requires a user with kibana_user and watcher_admin privileges to create, edit, delete, and deactivate a watch.