With Elastic Observability we can create alerts on all data we collect, such as logs, metrics, application services and synthetic monitoring. However, NetEye represents the main operational console from which to monitor the entire infrastructure.
By sending alarms from Elastic Observability to NetEye via Tornado, we can also bring this information into the NetEye console, providing a more centralized view of relevant events.
This approach improves operational visibility and makes it easier to correlate alarms generated in Elastic with the rest of the information already present in NetEye.
To show this in practice, we’ll look in this article at a practical integration example using a Synthetic Monitoring alarm generated in Elastic Observability and sent to NetEye via Tornado.
Create a Tornado Webhook
Go to the /neteye/shared/tornado_webhook_collector/conf/webhooks folder and create a file called nc_synthetics_alerts.json. Replace TOKEN_VALUE with this custom token:
{
"id": "nc_synthetics_alerts",
"token": "TOKEN_VALUE",
"collector_config": {
"event_type": "nc_synthetics_alerts",
"payload": {
"data": "${@}"
}
}
}Create a Kibana Webhook Connector
From the Kibana main menu go to the Stack Management section, then to Connectors and create a new connector:
Create a Rule on a Synthetic Monitor
From the Kibana main menu go to Observability → Alerts → Manage Rules → Create rule → Synthetics monitor status and choose the list of monitors to be sent to NetEye, the rule condition and the schedule:
Set the actions the rule should do, then choose the Tornado connector you made earlier and set Message and Settings:
Choose the name of the rule and save it:
Create a Tornado Rule
Now log in to your NetEye user interface and go to the Tornado section. Follow these steps to begin configuration:
We’re now in Edit mode and we can create a new rule inside master:
Now let’s create two rulesets within the filter:
- The hostname field is present in the body that comes from Kibana
- The hostname field is not present
First ruleset
Second ruleset
Create synthetic test host on NetEye for alarms without a configured host name:
Create rule:
Save and deploy your changes:
Conclusion
This is a simple yet effective integration that brings the value of alarms generated in Elastic Observability to NetEye, providing an even more comprehensive operational view.
This way, information that would otherwise remain confined to the observability platform can be made immediately available within NetEye’s operational context.
These Solutions are Engineered by Humans
Are you passionate about performance metrics or other modern IT challenges? Do you have the experience to drive solutions like the one above? Our customers often present us with problems that need customized solutions. In fact, we’re currently hiring for roles just like this as well as other roles here at Würth IT Italy.
Daniele Saccon
My journey in the world of IT began in the area of Data Analytics and Big Data, where I worked with a different tools, with a particular focus on Elastic Stack. Over time, my interests shifted toward Application Performance Monitoring and Observability, which now represent the core of my professional activity. I am passionate about making systems and data more readable, interpretable, and useful, in order to help customers make better decisions and gain an increasingly clear view of their technological environments.
At Würth IT Italy, I am part of the NetEye Delivery team, where I support customers on projects related to APM and Observability. What motivates me most is working across different contexts and having the opportunity to combine technical expertise with a consulting approach, building practical solutions that deliver real value.
Author
Latest posts by Daniele Saccon
16. 03. 2026
APM, Knowledge Management, Log-SIEM, Training
Inside Elastic Certifications: My Experience Between Preparation and Exams