Introduction


Skedler Alerts is available as a ready-to-use Amazon Machine Image (AMI) in AWS that can be used to create and manage alerts with Elasticsearch through a UI. In addition to providing an easy-to-use, affordable ELK solution, the Skedler Alerts AMI offers the following advantages to your business:

  • Flexibility: An elastic cloud-based infrastructure for running Skedler Alerts.
  • Faster Time to Market: Easy to launch and configure the alerting solution, since the Skedler Alerts AMI is pre-packaged with all the required components such as Ubuntu 16 and Skedler Alerts.
  • Powerful Anomaly Detection for Your Business: An ideal business-user-ready alerting solution for AWS Elasticsearch Service applications, other cloud-based ELK applications, and on-premise ELK applications.


Skedler Alerts AWS AMI can connect to the following:

1. User access to Elasticsearch application is required before running in your AWS instance

2. User access to Amazon Elasticsearch Service is required

3. User access to Elasticsearch application is required before running on-premise in your own servers.  This requires configuration of a VPC so that Skedler Alerts in AWS can connect to your on-premise ELK application.   


Skedler Alerts AMI is a Bring Your Own License (BYOL) AMI.  At this time, you cannot purchase/bill Skedler Alerts License through Amazon.  Please contact sales@skedler.com to learn more about Skedler Alerts pricing and how to purchase the license.    


Please review the information below to learn more about this solution and also how to use it to meet your Elasticsearch Alerting needs in an efficient manner.  


Community Edition


Skedler Alerts AMI is available for free with limited access.


While using the Community Edition, you can evaluate the key features of Skedler Alerts and experience its value:

  • Number of Alerts: Only 2 alerts can be scheduled


If you want to schedule multiple alerts, consider purchasing one of the licensed editions of Skedler Alerts. Please review the table below for a comparison of the Community Edition vs. the Licensed Editions of Skedler Alerts.


Features | Community Edition | Standard Edition
Validity | Unlimited Subscription License | Annual Subscription License
Easy to use UI for managing alerts | Available | Available
Rule Templates for Spikes, Flatlines, New Events, Repeating Events, and Thresholds | Available | Available
Flexible filters and scheduling options | Available | Available
Notify users using email and Slack | Available | Available
Drill down to root cause events with Elasticsearch or Kibana® queries | Available | Available
Number of Alerts | 2 | Unlimited


Please visit Licensing for more information on pricing.


Pricing and Licensing Skedler Alerts


Skedler Alerts AMI is free to use for the Community Edition. To upgrade to Standard Edition, you need to purchase the license directly from Skedler Alerts and use it in your AWS cloud instance. To learn more about Skedler Alerts pricing and purchase a license for your AWS instance, please contact the sales team from the Licensing page. Fill in the contact form on the page and a Skedler Alerts representative will reach out to you within 24 hours regarding the purchase of a license.


Launching AWS instance from Skedler Alerts AMI


1. Log in to your AWS account and click "Launch Instance" in the EC2 Dashboard.

2. Search for Skedler Alerts AMI in the AWS Marketplace.

3. Select Skedler Alerts AMI.

4. Select the instance type. Please check the minimum requirements mentioned below:

  • A minimum of 2 CPU cores and 8 GB of RAM is recommended for deploying Skedler Alerts.
  • In AWS, the minimum instance type should be t2.large, which meets the above minimum requirements.



5. Configure the instance details and network configuration as follows.

  • Configure the number of instances for scaling as 1.
  • In Network, select the VPC you created. Make sure you select the same VPC network you have selected for the ES service (if the ES service is a public access service, then select any VPC).
  • Select the public subnet (which is created for the VPC when you create the VPC). Read more about VPC
  • Auto-assign public IP:
    • If the option "Enabled" is selected, AWS will create a public IP for the instance. Note that this IP will be released once you shut down the system, and another IP will be assigned on restart.
    • If you need a permanent IP, select the option "Use subnet setting (Disable)". You can associate a public Elastic IP once the instance is launched.
  • Select the IAM Role to access the instance, to secure the instance. Read more about EC2 IAM Roles
  • Configure the shutdown behaviour and termination protection, and click Next.



6. Add necessary storage to the instance


7. Configure the Security Groups as follows

  • Before configuring the instance, create a security group from the dashboard as given below:
    • Port 22 - To connect to the Skedler Alerts instance through SSH and configure Skedler Alerts
    • Port 3001 - The port on which Skedler Alerts runs by default. You can change the port in alertconfig.yml later. In that case, add permission for the new port to the security group.
  • In the instance creation wizard, select the "Select an existing security group" option, then select the security group created as shown above, or create a new security group with permissions for these ports.
  • Make sure that the assigned security group is added to the AWS Elasticsearch service. (Once created, you cannot modify the VPC settings in the AWS ES service.)
  • On selecting, it will show the inbound rules as in the image above.


8. Add a key pair or use an already existing key pair to log in to the system. Follow the instructions in the wizard.

  • Download the pem file and store it securely (you cannot download it later)


9. After configuring the instance, launch the instance. Once the instance is launched, select the instance and copy the IP address or the public DNS


10. SSH into the instance using PuTTY:

To connect to the system with PuTTY, follow these steps:

  • Install the PuTTY tools using the following command:
    1. sudo apt-get update && sudo apt-get install putty-tools
  • Generate the ppk file using the following command:
    1. puttygen  /path/key.pem  -o  <keyname>.ppk
  • Copy the public DNS or the IP for the instance as mentioned above and configure PuTTY as follows:

    a. Configure the PuTTY session: paste the IP in the "Host Name" box.

    b. Configure the authentication by selecting SSH→Auth, then browse to and select the generated ppk file and click Open.

    c. If everything is configured correctly, you will see a screen like below asking for confirmation. Click "Accept" and proceed.

    d. Once you "Accept" and proceed, you will get the login screen. The login username is "ubuntu" by default. Enter the username and press Enter, and you will be logged in to the instance.


11. Once logged in to the system, follow the steps below to configure Skedler Alerts. (Skedler Alerts is installed in the home folder of the instance.)

  • Go to the config folder using the command cd config.
  • Open alertconfig.yml (e.g., vi /opt/alert/config/alertconfig.yml)

      Elasticsearch URL configuration

  • Add Elasticsearch URL with the port (even if the port is 80) in the alertconfig.yml file in the following format


      Proxy server basic authentication configuration

  • If you are using Nginx, follow the steps below.

    If Nginx is configured as a reverse proxy for Elasticsearch, configure Nginx username and password for Elasticsearch as shown:

  • Note: If you are using Shield then refer to Step-by-Step Configuration Guide for Shield.
  • Save changes to alertconfig.yml

For more configuration options, please refer to the alertconfig.yml configuration.


12. Open a browser and type in the instance URL as:

<aws-publicDNS>:<port>

e.g.: ec2.xxx-xxx-xxx-xx.compute-1.amazonaws.com:3001

If everything is configured as described, you will see the Skedler Alerts Configuration Page.


Configuring and Using Skedler Alerts to detect anomalies



References