Hey folks - I found a cleaner solution for this…
-
Create a Saved Query using the conditions for your alert.
-
Generate a Permalink as a Saved Object for your query. This will ensure that your Alert message always reference the latest version of the saved query, which is better than hard-coding the current version of the query into the URL which will later be outdated.
-
This will provide you a shorter URL that always references the saved query, it will look like this:
https://[server]/app/kibana?security_tenant=global#/discover/a436b3e0-3f64-11eb-ac54-97d46bd32999?_g=(filters%3A!()%2CrefreshInterval%3A(pause%3A!t%2Cvalue%3A0)%2Ctime%3A(from%3Anow-24h%2Cto%3Anow)) -
Simply swap out the time selector with the variables from the monitor to reflect this instead:
https://[server]/app/kibana?security_tenant=global#/discover/a436b3e0-3f64-11eb-ac54-97d46bd32999?_g=(filters%3A!()%2CrefreshInterval%3A(pause%3A!t%2Cvalue%3A0)%2Ctime%3A(from%3A'{{ctx.periodStart}}'%2Cto%3A'{{ctx.periodEnd}}'))
The result is a much shorter URL that always references the latest version of the query as well as the timeframe that generated the alert.
Hope this helps.