Siren Alert alerts and detections can be superimposed over visualization widgets using the Annotations feature in Kibana 5.5+, revealing points of contact and indicators in real time. The familiar mustache syntax is used to render row elements from the alert based on case requirements.

How to

Follow this procedure to enable Siren Alert Annotations over your data:

  1. Visualize your time series using the Query Builder widget.

  2. Switch to the Annotations tab.

  3. Go to Annotations > Add Datasource.

  4. Select the Index and Timefield for Siren Alert.

  5. Index Pattern: watcher_alerts*.

  6. Time Field: @timestamp.

  7. Select the Field to Display in Annotations.

  8. Fields: message.

  9. Row Template: {{ message }}.
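
To show what these settings select and how the row template is applied, the following added example (not part of Siren Alert or Kibana) runs the datasource values from the procedure over a few constructed alert documents. It assumes that only the listed fields reach the template and that `{{ }}` tags are HTML-escaped as in standard mustache; the document contents, index names and function names are made up for illustration.

```javascript
// Added illustration; not Siren Alert or Kibana source code.
// Values taken from the procedure above.
const datasource = {
  indexPattern: 'watcher_alerts*',
  timeField: '@timestamp',
  fields: ['message'],
  rowTemplate: '{{ message }}',
};

// Constructed sample documents (index names and contents are made up).
const sampleDocs = [
  { _index: 'watcher_alerts-2017.08.01',
    _source: { '@timestamp': '2017-08-01T10:15:00Z', level: 'high',
               message: 'Failed logins > 50 for user <admin>' } },
  { _index: 'watcher_alerts-2017.08.02',
    _source: { '@timestamp': '2017-08-02T09:00:00Z', message: 'outside chart range' } },
  { _index: 'logstash-2017.08.01',
    _source: { '@timestamp': '2017-08-01T10:20:00Z', message: 'not an alert index' } },
];

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (v) => String(v).replace(/[&<>"']/g, (c) => ESCAPES[c]);

// Minimal mustache subset: {{ name }} tags only, HTML-escaped, missing names render empty.
function renderRow(template, row) {
  return template.replace(/\{\{\s*([\w@.]+)\s*\}\}/g, (_, key) => {
    const v = Object.prototype.hasOwnProperty.call(row, key) ? row[key] : null;
    return v == null ? '' : escapeHtml(v);
  });
}

// Turn a wildcard index pattern into an anchored regular expression.
function matchesPattern(pattern, index) {
  const quote = (s) => s.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + pattern.split('*').map(quote).join('.*') + '$').test(index);
}

// Annotations for the chart range [from, to] (epoch milliseconds).
function annotationsFor(ds, docs, from, to) {
  return docs
    .filter((d) => matchesPattern(ds.indexPattern, d._index))
    .filter((d) => {
      const t = Date.parse(d._source[ds.timeField]);
      return t >= from && t <= to;
    })
    .map((d) => {
      // Assumption: only the fields listed in the datasource are exposed to the template.
      const row = Object.fromEntries(ds.fields.map((f) => [f, d._source[f]]));
      return { time: d._source[ds.timeField], text: renderRow(ds.rowTemplate, row) };
    });
}
```

Because alert messages can carry text copied from monitored logs, the escaped form of the tag keeps markup in `message` from being interpreted when the annotation is displayed.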

Visual example
Siren Alert annotation

