patrykkopycinski/o11y-slo-setup
skills/o11y-slo-setup/SKILL.md
Interactive guide for creating SLOs from discovered APM and metric data — identifies candidates, lets user configure targets, and creates SLOs.
$ install --global
skillsauthnpx skillsauth add patrykkopycinski/elastic-cursor-plugin o11y-slo-setupInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 27, 2026, 6:26 AM118.0s1 file scanned
SKILL.md
- name:
- o11y-slo-setup
- description:
- Interactive guide for creating SLOs from discovered APM and metric data — identifies candidates, lets user configure targets, and creates SLOs.
O11Y SLO Setup Workflow
Guide the user through creating Service Level Objectives based on their available data.
Trigger
Use when the user asks to:
- "Create SLO"
- "Set up SLOs"
- "Service level objectives"
- "SLO targets"
- "Availability SLO"
- "Latency SLO"
Also activates on keywords: "SLO", "service level", "burn rate", "error budget", "SLI", "availability target"
Do NOT use when:
- "Create dashboard" (→ use
o11y-service-dashboard) - "Full monitoring setup" (→ use
o11y-full-setup)
Steps
0. Get Cluster Context
Call get_cluster_context to get cached cluster awareness — version, health, installed features, and SLO capabilities. This confirms that the SLO feature is available in the Kibana deployment.
1. Discover Data
Call discover_o11y_data to find APM services and metrics that can support SLOs.
2. Identify SLO Candidates
Call get_data_summary with format: "json" to get SLO recommendations.
Present each candidate:
- APM Latency SLOs: For each service with transaction data — "Service X: p95 latency < threshold, target 99.5%"
- APM Availability SLOs: For each service with error data — "Service X: availability target 99.9%"
- Custom Metric SLOs: For any numeric metrics suitable as SLIs
3. User Decision Point — Select SLOs
Ask the user:
- Which SLO candidates to create (numbered list, allow "all")
- For each selected SLO, confirm or adjust:
- Name (suggest based on service and indicator type)
- Target percentage (show recommended default)
- Time window (suggest 30d rolling)
- Any tags to apply
4. Check Existing SLOs
Call kibana_api with GET /api/observability/slos to check for duplicates.
If any existing SLOs overlap with selections, warn the user and ask whether to skip or create anyway.
5. Create SLOs
For each approved SLO, call kibana_api with POST /api/observability/slos and the configured parameters as the request body.
Report each created SLO:
- Name and ID
- Indicator type and target
- Kibana URL to view
6. Summary
Present:
- Total SLOs created
- Current status of each (if available from creation response)
- Suggested next steps: monitor burn rates, set up burn rate alerts, create an SLO dashboard
7. Create Burn Rate Alerts (Optional)
For each created SLO, offer to set up burn rate alerts using create_alert_rule. Burn rate alerts trigger when the error budget is being consumed faster than expected, giving early warning before an SLO breach.
Tools Used
get_cluster_context— cached cluster awareness (version, health, capabilities)discover_o11y_data— discover APM services and metrics for SLO candidatesget_data_summary— generate SLO recommendationskibana_api— list existing SLOs (GET /api/observability/slos) and create new ones (POST /api/observability/slos)create_alert_rule— create burn rate alerts for SLOs
API References
elastic://docs/api/kibana— Kibana REST API reference for SLO endpoints (/api/observability/slos)
Prerequisites
ES_URLandES_API_KEYconfigured- SLO feature enabled in Kibana (Observability → SLOs)
- APM data or custom metrics flowing
Interactive Dashboard
Interactive Dashboard: When using Claude Desktop or other ext-apps hosts,
slo_dashboardrenders an interactive SLO monitoring view with burn rate gauges and error budget tracking, andslo_forecasterprojects SLO compliance with confidence intervals. In Cursor/CLI, both return markdown.
Related Skills
o11y-full-setup— complete observability setup including dashboards and SLOso11y-service-dashboard— create service dashboards to complement SLO monitoring
Related Skills
patrykkopycinski/security-threat-hunting
testing
VerifiedTrustedCommunity
Interactive threat hunting workflow using ES|QL and Elasticsearch queries — from hypothesis formulation through data exploration, IOC search, and finding documentation.
6SKILL.mdUpdated May 27, 2026
patrykkopycinski/security-inbox
testing
VerifiedTrustedCommunity
Start your security session with a personalized briefing — attacks, alerts, cases, rules, threat intel. Use as the first thing when starting security work.
6SKILL.mdUpdated May 27, 2026
patrykkopycinski/security-full-setup
testing
VerifiedTrustedCommunity
Interactive guide for complete Elastic Security setup — discovers data sources, assesses detection coverage, configures rules, and creates security dashboards.
6SKILL.mdUpdated May 27, 2026
patrykkopycinski/security-detection-engineering
testing
VerifiedTrustedCommunity
Guide for authoring custom detection rules — from threat hypothesis through rule creation, testing, and tuning with KQL, EQL, ES|QL, and threshold rules.
6SKILL.mdUpdated May 27, 2026