Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RAC][Observability] Use simpler alert severity level mapping #109075

Closed
mgiota opened this issue Aug 18, 2021 · 1 comment · Fixed by #109068
Closed

[RAC][Observability] Use simpler alert severity level mapping #109075

mgiota opened this issue Aug 18, 2021 · 1 comment · Fixed by #109068
Assignees
@mgiota
Labels
Team:Infra Monitoring UI - DEPRECATED DEPRECATED - Label for the Infra Monitoring UI team. Use Team:obs-ux-infra_services Theme: rac label obsolete v7.15.0 v8.0.0

Comments

@mgiota
Copy link
Contributor

mgiota commented Aug 18, 2021
edited
Loading

📝 Summary

In order to comply with the Alerts-as-Data-Schema-Fields, we are removing kibana.alert.severity.level and kibana.alert.severity.value and keep only kibana.alert.severity.

Acceptance criteria

  • ALERT_SEVERITY_VALUE and all usages are removed for now
  • ALERT_SEVERITY_LEVEL is renamed to ALERT_SEVERITY and it will be a keyword field called kibana.alert.severity
  • the severity field will be hidden from the obs alert table and flyout (part of this PR [RAC][Observability] temporarily hide severity column #109004)
  • the discussion about storing the severity value will be deferred until we have time to gather wider input about the use-cases

Notes

  • This also lets us keep the schema consistent with existing security signals where they use signal.rule.severity and they would like to alias that field as kibana.alert.severity (as opposed to aliasing it as kibana.alert.severity.level).
@botelastic botelastic bot added the needs-team Issues missing a team label label Aug 18, 2021
@mgiota mgiota added the Team:Infra Monitoring UI - DEPRECATED DEPRECATED - Label for the Infra Monitoring UI team. Use Team:obs-ux-infra_services label Aug 18, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/logs-metrics-ui (Team:logs-metrics-ui)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Aug 18, 2021
@mgiota mgiota self-assigned this Aug 18, 2021
@mgiota mgiota mentioned this issue Aug 18, 2021
Merged
@mgiota mgiota changed the title [RAC][Observability] Comply with Comply with the Alerts-as-Data-Schema-Fields spreadsheet for severity [RAC][Observability] Use simpler alert severity level mapping Aug 18, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mgiota mgiota

Labels
Team:Infra Monitoring UI - DEPRECATED DEPRECATED - Label for the Infra Monitoring UI team. Use Team:obs-ux-infra_services Theme: rac label obsolete v7.15.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[RAC] [Observability] Use simpler alert severity level mapping mgiota/kibana
2 participants
@mgiota @elasticmachine