# Elastic Integrations

Elastic is a search and observability platform built around Elasticsearch and Kibana. Its built-in alerting engine lets you define rules that evaluate queries on your data at regular intervals. When a rule condition is met, Kibana can fire a webhook action to any HTTP endpoint — including itoc360. This page walks you through setting up that connection.

### How It Works

Kibana rules run on a schedule you define. When the rule condition is met (for example, a query returns more results than a threshold), Kibana calls the webhook connector you have attached to that rule. The connector sends a JSON payload to itoc360, which turns it into an alert in your on-call workflow.

### Prerequisites

* An Elastic Cloud account (any plan with Kibana access)
* An itoc360 account with at least one active on-call schedule

### Step 1 — Open Kibana

Log in to your Elastic Cloud account and open your Kibana deployment. You will land on the Observability overview page.

<figure><img src="https://4108595529-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FimJRSa33y5Ej6rwXrBeA%2Fuploads%2Fls2GsKmY7lBHiFIfqnMg%2Fimage.png?alt=media&#x26;token=3f143f25-2639-47a4-9f74-86692551e37a" alt=""><figcaption></figcaption></figure>

### Step 2 — Create a Webhook Connector

Navigate to **Settings (⚙️) → Connectors** in the left sidebar, then click **Create connector**.

Select **Webhook** from the connector type list. Fill in the connector form with the following values:

| Field             | Value                         |
| ----------------- | ----------------------------- |
| Connector name    | `itoc360`                     |
| Method            | POST                          |
| URL               | Your itoc360 webhook endpoint |
| Authentication    | None                          |
| HTTP Header Key   | `Content-Type`                |
| HTTP Header Value | `application/json`            |

<figure><img src="https://4108595529-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FimJRSa33y5Ej6rwXrBeA%2Fuploads%2FqdvZZpJqU0P47orZ9J9Y%2FEkran%20Resmi%202026-03-23%2017.16.49.png?alt=media&#x26;token=98e2898e-408a-4ffe-b7a3-2817f216323f" alt=""><figcaption></figcaption></figure>

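Click **Save** to confirm. With **Authentication** set to **None**, Kibana adds no credentials to the request, so treat the webhook URL as sensitive and keep it out of screenshots, tickets, and shared chat.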

### Step 3 — Create an Alerting Rule

Go to **Connectors → Rules** in the left menu and click **Create rule**. From the rule type list, select **Elasticsearch query**.

<figure><img src="https://4108595529-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FimJRSa33y5Ej6rwXrBeA%2Fuploads%2FbAN37kwqU15TV9RBIpoW%2Fimage.png?alt=media&#x26;token=d74ba3f4-ea4a-472d-9cd3-7cf43c20d1dc" alt=""><figcaption></figcaption></figure>

Configure the rule definition:

* **Query type:** KQL or Lucene
* **Data view:** Select the data view that covers the indices you want to monitor
* **Condition:** Set your threshold (for example, `count() IS ABOVE 0`)
* **Rule schedule:** Every 1 minute (adjust to your needs)

<figure><img src="https://4108595529-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FimJRSa33y5Ej6rwXrBeA%2Fuploads%2FOOVMbgOxLWXVwsCSq1Tb%2FEkran%20Resmi%202026-03-23%2017.18.10.png?alt=media&#x26;token=80ade3f2-fa61-4c6b-bc2f-138c541c93a4" alt=""><figcaption></figcaption></figure>

Scroll down to the **Actions** section and click **Add action**. Select **Webhook**, then choose the `itoc360` connector you created in Step 2.

In the action body, paste the following template:

```json
{
  "alertId": "{{alertId}}",
  "alertName": "{{alertName}}",
  "alertActionGroup": "{{alertActionGroup}}",
  "alertActionGroupName": "{{alertActionGroupName}}",
  "spaceId": "{{spaceId}}",
  "date": "{{date}}",
  "kibanaBaseUrl": "{{kibanaBaseUrl}}",
  "context": {{{context}}}
}
```

Scroll further down, give the rule a name under **Details**, then click **Save rule**.

### Step 4 — Verify the Connection

To confirm that alerts are reaching itoc360, open the connector and go to the **Test** tab. Replace the body with a plain JSON payload (no Mustache variables) and click **Run**.

<figure><img src="https://4108595529-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FimJRSa33y5Ej6rwXrBeA%2Fuploads%2Fs9V6vzrPrVkUzWGwwNBR%2Fimage.png?alt=media&#x26;token=3defb347-cc54-4d40-86bc-bcc945b0f591" alt=""><figcaption></figcaption></figure>

A `200 OK` response in the Results section means the connection is working. Within the next rule evaluation cycle, a real alert will appear in your itoc360 alert feed.

### Webhook Payload Structure

When a rule fires, Kibana sends a payload that looks like this:

```json
{
  "alertId": "abc123",
  "alertName": "High Error Rate",
  "alertActionGroup": "query matched",
  "alertActionGroupName": "Query matched",
  "spaceId": "default",
  "date": "2026-03-23T17:00:00.000Z",
  "kibanaBaseUrl": "https://my-project.kb.europe-west3.gcp.elastic.cloud",
  "context": {
    "title": "rule 'High Error Rate' matched query",
    "message": "rule is active",
    "conditions": "count > 0",
    "value": "42"
  }
}
```
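The following Python check is an added example, not part of the itoc360 or Elastic documentation. It validates a webhook body against the structure shown above, which is useful before pasting a test body into the connector's **Test** tab or when inspecting what a receiver got. The function name `check_payload` and the choice of required fields are assumptions based on the sample payload on this page.

```python
import json
import re
from datetime import datetime

# Top-level string fields taken from the payload shown on this page (assumed required).
STRING_FIELDS = ("alertId", "alertName", "alertActionGroup",
                 "alertActionGroupName", "spaceId", "date", "kibanaBaseUrl")
MUSTACHE_TAG = re.compile(r"\{\{.*?\}\}")


def check_payload(raw: str) -> list[str]:
    """Return a list of problems found in a webhook body; empty means OK."""
    if MUSTACHE_TAG.search(raw):
        return ["body still contains Mustache tags"]
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    problems = []
    for name in STRING_FIELDS:
        if not isinstance(doc.get(name), str) or not doc[name]:
            problems.append(f"{name}: missing or not a non-empty string")
    # A string here means context was quoted as text instead of inserted as JSON.
    if not isinstance(doc.get("context"), dict):
        problems.append("context: missing or not a JSON object")
    date = doc.get("date")
    if isinstance(date, str) and date:
        try:
            datetime.fromisoformat(date.replace("Z", "+00:00"))
        except ValueError:
            problems.append("date: not an ISO 8601 timestamp")
    return problems


# Constructed sample, same shape as the payload shown above.
SAMPLE = json.dumps({
    "alertId": "abc123", "alertName": "High Error Rate",
    "alertActionGroup": "query matched",
    "alertActionGroupName": "Query matched", "spaceId": "default",
    "date": "2026-03-23T17:00:00.000Z",
    "kibanaBaseUrl": "https://my-project.kb.europe-west3.gcp.elastic.cloud",
    "context": {"title": "rule 'High Error Rate' matched query",
                "message": "rule is active", "conditions": "count > 0",
                "value": "42"},
})

print(check_payload(SAMPLE) or "payload OK")
```

An empty list means the body matches the expected shape; each string in a non-empty list names one field to fix.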

### Troubleshooting

**The connector test returns an error**

Double-check that the URL field contains your full itoc360 webhook endpoint and that the `Content-Type: application/json` header is present. Remove any trailing slashes from the URL.

**Rules are firing but no alerts appear in itoc360**

Make sure the `itoc360` connector is selected in the **Actions** section of the rule, not just saved at the connector level. Each rule needs its connector explicitly attached.

**The action body looks wrong after saving**

Kibana validates Mustache templates at save time. If you see an error, make sure `{{{context}}}` uses triple braces (not double) since it contains a JSON object, and all other variables use double braces.
