Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RAC][Observability] Stop indexing severity in Uptime #120868

Closed
mgiota opened this issue Dec 9, 2021 · 1 comment · Fixed by #120873
Closed

[RAC][Observability] Stop indexing severity in Uptime #120868

mgiota opened this issue Dec 9, 2021 · 1 comment · Fixed by #120873
Assignees
@mgiota
Labels
Team: Actionable Observability - DEPRECATED For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge" Theme: rac label obsolete v8.0.0 v8.1.0

Comments

@mgiota
Copy link
Contributor

mgiota commented Dec 9, 2021
edited
Loading

📝 Summary

At the moment Uptime indexes severity under kibana.alert.severity with values critical and warning. We should stop indexing these values for following reasons:
@mgiota mgiota changed the title [RAC][Observability] Stop indexing severity in uptime [RAC][Observability] Stop indexing severity in Observability apps Dec 9, 2021
@mgiota mgiota self-assigned this Dec 9, 2021
@botelastic botelastic bot added the needs-team Issues missing a team label label Dec 9, 2021
@mgiota mgiota added the Team: Actionable Observability - DEPRECATED For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge" label Dec 9, 2021
@botelastic botelastic bot removed the needs-team Issues missing a team label label Dec 9, 2021
@mgiota mgiota changed the title [RAC][Observability] Stop indexing severity in Observability apps [RAC][Observability] Stop indexing severity in Uptime Dec 9, 2021
@mgiota mgiota mentioned this issue Dec 9, 2021
Merged
@mgiota
Copy link
Contributor Author

mgiota commented Dec 9, 2021
edited
Loading

@jasonrhodes As discussed I wanted to stop indexing the severity value for APM as well as part of this ticket. I kept indexing the severity for APM because it is currently used in two places:

  • as an annotation in a chart
  • it is used to construct the reason message in Observability alerts table

The severity values for APM are being calculated reading a severity score and they can be critical, major, minor, warning, low or unknown https://github.com/elastic/kibana/blob/main/x-pack/plugins/ml/common/util/anomaly_utils.ts#L131

@marshallmain If I remember correctly are these the same values you use in Security for the severity value?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mgiota mgiota

Labels
Team: Actionable Observability - DEPRECATED For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge" Theme: rac label obsolete v8.0.0 v8.1.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[RAC][Observability] stop indexing severity value in uptime mgiota/kibana
1 participant
@mgiota