
Built-in alerts and templates

Serverless Stack 9.2.0

When you install or upgrade Elastic Agent, new alert rules are created automatically. You can configure and customize out-of-the-box alerts to get them up and running quickly.

Note

The built-in alerts feature for Elastic Agent is available only for some subscription levels. The license (or a trial license) must be in place before you install or upgrade Elastic Agent for this feature to be available.

Refer to Elastic subscriptions for more information.

In Kibana, you can enable out-of-the-box rules pre-configured with reasonable defaults to provide immediate value for managing agents. You can use ES|QL to author conditions for each rule.

Connectors are not added to rules automatically, but you can attach a connector to route alerts to your platform of choice, such as Slack or email. In addition, you can add filters for policies, tags, or hostnames to scope alerts to specific sets of agents.

You can find these rules in Stack Management > Alerts and Insights > Rules.

Some integration packages include alerting rule template assets that provide pre-made definitions of alerting rules. You can use the templates to create your own custom alerting rules that you can enable and fine-tune.

When you click a template, you get a pre-filled rule creation form. You can define and adjust values, set up connectors, and define rule actions to create your custom alerting rule.

You can see available templates in the integrations/detail/<package>/assets view.