Bulk enable/disable Kibana Rules #116017
Comments
stefnestor
added
enhancement
stefnestor
added
the
Team:ResponseOps
|
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
pmuellr
added
the
Feature:Alerting/RulesManagement
|
For this scenario, it would be nice if you could just stop alerting, rather than bulk disable the rules. Right now, if you disable the rules, they will need to be specifically enabled - and the user that enables them will end up having an API key generated with their privileges, associated with them. So, while a "bulk disable" would be nice, trying to re-enable these would be pretty painful, I think. Even to bulk disable all of the rules today, you'd have to do it per space. It really feels like it's time to have some kind of "rule administrator" role, which we could use to gate some "global" activities like this. In lieu of any of that, perhaps just a config key, that indicated that none of the rules should actually run, would be good. We'd just check that config in the rule task runner, and not actually run the executors. And provide some UX in the rule pages to indicate "rules are not running because of the config key" kind of thing. |
|
cc: @bsturg |
gmmorris
added
estimate:needs-research
TBC this is not an option as it will corrupt all these rules due to our use of encrypted saved objects (we rely on AAD to prevent users from tampering with SOs). |
gmmorris
changed the title
🙏🏼 per #116017, adds insight on how to temporarily disable Kibana Rules for clusters which need breathing room.
|
miss click sorry 😂 |
gmmorris
moved this from Done
to Todo
in AppEx: ResponseOps - Rules & Alerts Management
👋🏼 @gchaps asked me to file a new PR since my last #122573 got too far behind. ## Summary 🙏🏼 per #116017, adds insight on how to temporarily disable Kibana Rules for clusters which need breathing room. --------- Co-authored-by: Kibana Machine <[email protected]> Co-authored-by: Lisa Cawley <[email protected]>
👋🏼 @gchaps asked me to file a new PR since my last #122573 got too far behind. ## Summary 🙏🏼 per #116017, adds insight on how to temporarily disable Kibana Rules for clusters which need breathing room. --------- Co-authored-by: Kibana Machine <[email protected]> Co-authored-by: Lisa Cawley <[email protected]> (cherry picked from commit b1d6196)
# Backport This will backport the following commits from `main` to `8.9`: - [[DOCv2] Temporarily disable Kibana Rules (#126869)](#126869) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Stef Nestor","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-07-13T13:22:55Z","message":"[DOCv2] Temporarily disable Kibana Rules (#126869)\n\n👋🏼 @gchaps asked me to file a new PR since my last\r\nhttps://github.com//pull/122573 got too far behind.\r\n\r\n## Summary\r\n\r\n🙏🏼 per #116017, adds insight on how to temporarily disable Kibana Rules\r\nfor clusters which need breathing room.\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <[email protected]>\r\nCo-authored-by: Lisa Cawley <[email protected]>","sha":"b1d619617a0321617636c7c1bbcbf74e393a5d9e","branchLabelMapping":{"^v8.10.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Docs","release_note:skip","docs","auto-backport","Feature:Alerting/RulesManagement","v8.9.0","v8.10.0"],"number":126869,"url":"https://github.com/elastic/kibana/pull/126869","mergeCommit":{"message":"[DOCv2] Temporarily disable Kibana Rules (#126869)\n\n👋🏼 @gchaps asked me to file a new PR since my last\r\nhttps://github.com//pull/122573 got too far behind.\r\n\r\n## Summary\r\n\r\n🙏🏼 per #116017, adds insight on how to temporarily disable Kibana Rules\r\nfor clusters which need breathing room.\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <[email protected]>\r\nCo-authored-by: Lisa Cawley <[email protected]>","sha":"b1d619617a0321617636c7c1bbcbf74e393a5d9e"}},"sourceBranch":"main","suggestedTargetBranches":["8.9"],"targetPullRequestStates":[{"branch":"8.9","label":"v8.9.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.10.0","labelRegex":"^v8.10.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/126869","number":126869,"mergeCommit":{"message":"[DOCv2] Temporarily disable Kibana Rules (#126869)\n\n👋🏼 @gchaps asked me to file a new PR since my last\r\nhttps://github.com//pull/122573 got too far behind.\r\n\r\n## Summary\r\n\r\n🙏🏼 per #116017, adds insight on how to temporarily disable Kibana Rules\r\nfor clusters which need breathing room.\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <[email protected]>\r\nCo-authored-by: Lisa Cawley <[email protected]>","sha":"b1d619617a0321617636c7c1bbcbf74e393a5d9e"}}]}] BACKPORT--> Co-authored-by: Stef Nestor <[email protected]>
Hello, team! In troubleshooting Kibana Alerts we've ran into the corner scenario:
Currently, you have to restart Kibana after setting temporary settings
xpack.task_manager.max_workers: 1xpack.task_manager.poll_interval: 1mAlternatively you can completely disable alerts
xpack.alerts.enabled: false(not sure if you can still see them in the UI after this, though).Then, in UI you have to go page-by-page of rules/alerts and
However, this can be highly annoying if you have a lot of rules. Desire is to be able to run a Kibana APi like
POST /api/alerting/rule/_all/_disableto do all at once.Alternatively, do an update_by_query like command to disable all alerts of certain type, or w/name string, or created recently, etc.(@gmmorris - striked out due to this: #116017 (comment))The text was updated successfully, but these errors were encountered: