observe
Installation
SKILL.md
Observe
Transient, session-scoped monitoring and ad-hoc querying. Unlike manage-alerts (which
creates a durable saved object in Kibana), observe polls in-process and returns once fired,
once its window closes, or — in now / table mode — immediately.
Modes
| Mode | When to pick it | Blocks? |
|---|---|---|
anomaly (default) |
"tell me when anything unusual fires", "watch for anomalies", open-ended monitoring | Until an anomaly fires or max_wait elapses |
metric |
user names a specific metric — either with a threshold ("wait until memory drops below 80MB") or without ("show me a live chart of X") | Polls for max_wait seconds (default 60s, interval 5s) |
now |
"what is X right now", "check X", "current value of Y" — single-instance scalar read | Returns immediately |
table |
"list …", "which … are …", group-by / top-N queries, or any ES|QL result with mixed-type columns | Returns immediately |
If the user wants durable alerting ("page me whenever..."), use manage-alerts instead.
Prerequisites
Related skills