Track and respond

The Elasticsearch platform provides tools to share insights, get notified about important changes, and track incidents. These tools work together across every Elastic solution and project type.

Reporting and sharing lets you export and distribute dashboards, Discover sessions, and visualizations, including to people who don't log into Kibana.

  • Generate reports on demand or schedule them automatically
  • Export as PDF, PNG snapshots, or CSV files
  • Share direct links to live dashboards with real-time, filtered views

Learn more about reporting and sharing →

Alerting monitors your Elasticsearch data continuously and notifies you when specific conditions are met, so you don't have to watch dashboards around the clock.

Creating a threshold alert rule in Kibana

Define rules that evaluate your data on a schedule and trigger actions when criteria are met:

  • Threshold rules: notify you when error rates spike
  • Machine learning rules: alert on anomalies
  • Geo-containment rules: track assets leaving a defined area

Notifications go where your team already works: email, Slack, PagerDuty, Microsoft Teams, webhooks, and more.

Elastic solutions extend this foundation with domain-specific rules. Security detection rules match threat patterns, while Observability rules monitor SLOs, infrastructure metrics, and log error rates. All rules share the same interface, action framework, and notification channels.

Alerts can also trigger workflows to automate multi-step responses, such as enriching an alert with context, creating a case, or notifying the on-call team.

Learn more about alerting →

Cases provide a central place to track incidents, document findings, and coordinate response efforts across your team.

Creating a case in Kibana

  • Attach alerts, files, and visualizations to build a record of your investigation
  • Assign team members and add comments
  • Push updates to external systems like Jira or ServiceNow

Cases are available in Elastic Security, Observability, and Stack Management.

Learn more about cases →

These capabilities chain together naturally:

  1. A dashboard reveals a pattern, such as error rates climbing for a specific service.
  2. An alert rule detects the threshold breach and sends a notification.
  3. A case tracks the investigation, collecting related alerts, team comments, and resolution steps.
  4. A scheduled report captures the post-incident dashboard state and distributes it to stakeholders.

For more complex scenarios, workflows can automate the steps between detection and resolution — creating cases, notifying teams, and taking action without human intervention.