Add CPU usage per host alerting v2 rule type example #3

Draft: benakansara wants to merge 1 commit into main from cursor/cpu-alerting-rule-example-6f1a

@benakansara (Owner)

Summary

Adds a new example alerting v2 rule type (example.cpu-usage-per-host) that demonstrates how to create a rule to monitor CPU usage per host using the Kibana Alerting framework.

The rule type:

  • Queries metrics indices for average CPU usage aggregated by host using an Elasticsearch terms + avg aggregation
  • Supports both critical and warning thresholds (e.g., 90% and 75%)
  • Uses configurable parameters: index pattern, host field, CPU metric field, and time window
  • Supports optional filter queries for scoping to specific environments or clusters
  • Reports per-host alerts with contextual information (host name, CPU %, threshold, human-readable reason)
  • Includes a recovered action group for auto-resolving incidents in PagerDuty/Jira/ServiceNow
  • Registered in the alerting example plugin with full feature privileges

How to use via API

curl -X POST "https://my-kibana:5601/api/alerting/rule/cpu-per-host-01" \
  -H "kbn-xsrf: true" \
  -H "Content-Type: application/json" \
  -H "Authorization: ApiKey <your-api-key>" \
  -d '{
    "name": "CPU usage per host",
    "rule_type_id": "example.cpu-usage-per-host",
    "consumer": "alerts",
    "schedule": { "interval": "1m" },
    "params": {
      "threshold": 0.9,
      "warnThreshold": 0.75,
      "timeWindowMinutes": 5,
      "indexPattern": "metrics-*",
      "hostField": "host.name",
      "cpuField": "system.cpu.total.norm.pct"
    },
    "actions": []
  }'

Checklist

  • Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
  • Documentation was added for features that require explanation or tutorials
  • Unit or functional tests were updated or added to match the most common scenarios
  • If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
  • This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The release_note:breaking label should be applied in these situations.
  • Flaky Test Runner was used on any tests changed
  • The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines
  • Review the backport guidelines and apply applicable backport:* labels.

Identify risks

This is an example plugin addition with no production impact. The rule type is only loaded when example plugins are enabled.

  • No production risks — example plugin only

Adds a new example rule type (example.cpu-usage-per-host) that demonstrates
how to create an alerting v2 rule to monitor CPU usage per host.

The rule:
- Queries metrics indices for average CPU usage grouped by host
- Supports critical and warning thresholds
- Uses configurable index pattern, host field, and CPU metric field
- Supports optional filter queries for scoping
- Reports per-host alerts with contextual information
- Includes a recovery action group for auto-resolving incidents

Co-authored-by: Bena Kansara <benakansara@users.noreply.github.com>
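
As an added example (not code from this pull request or from Kibana), the following TypeScript shows how a terms + avg aggregation per host can be turned into critical, warning and recovered results. Parameter names are taken from the curl call above; the `@timestamp` range filter, the aggregation names, the bucket size, the `>=` comparison and the function names are assumptions.

```typescript
// Added example, not the PR's code. The "@timestamp" range filter, aggregation names,
// bucket size and ">=" comparison are assumptions; parameter names come from the curl call.
interface CpuParams {
  threshold: number; warnThreshold?: number; timeWindowMinutes: number;
  indexPattern: string; hostField: string; cpuField: string;
}
interface HostBucket { key: string; avgCpu: { value: number | null } }
interface HostAlert { host: string; cpu: number; severity: 'critical' | 'warning'; reason: string }

// Search request: terms on the host field, avg of the CPU metric inside each bucket.
function buildSearch(p: CpuParams) {
  return {
    index: p.indexPattern,
    size: 0,
    query: { range: { '@timestamp': { gte: `now-${p.timeWindowMinutes}m` } } },
    aggs: { hosts: { terms: { field: p.hostField, size: 1000 },
      aggs: { avgCpu: { avg: { field: p.cpuField } } } } },
  };
}

// One alert per breaching host; critical takes precedence over warning.
function evaluateBuckets(buckets: HostBucket[], p: CpuParams): HostAlert[] {
  const alerts: HostAlert[] = [];
  for (const b of buckets) {
    const cpu = b.avgCpu.value;
    if (cpu === null) continue; // avg is null when no document in the bucket has the metric
    const limit = cpu >= p.threshold ? p.threshold
      : p.warnThreshold !== undefined && cpu >= p.warnThreshold ? p.warnThreshold : undefined;
    if (limit === undefined) continue;
    const severity = limit === p.threshold ? 'critical' : 'warning';
    const reason = `CPU on ${b.key} is ${(cpu * 100).toFixed(1)}%, ${severity} threshold ${(limit * 100).toFixed(0)}%`;
    alerts.push({ host: b.key, cpu, severity, reason });
  }
  return alerts;
}

// Hosts that alerted on the previous run but not on this one belong to the recovered group.
function recoveredHosts(previous: string[], current: HostAlert[]): string[] {
  return previous.filter((h) => !current.some((a) => a.host === h));
}

// Constructed sample: parameters from the curl call and a made-up aggregation result.
const PARAMS: CpuParams = { threshold: 0.9, warnThreshold: 0.75, timeWindowMinutes: 5,
  indexPattern: 'metrics-*', hostField: 'host.name', cpuField: 'system.cpu.total.norm.pct' };
const SAMPLE: HostBucket[] = [
  { key: 'web-01', avgCpu: { value: 0.93 } }, { key: 'web-02', avgCpu: { value: 0.8 } },
  { key: 'db-01', avgCpu: { value: 0.42 } }, { key: 'edge-01', avgCpu: { value: null } },
];
```

A host whose bucket has no value for the CPU field produces no alert here; whether such a host should be treated as missing data instead is a separate design decision.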