Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Discover][Alerting] Add info when data view has changed after rule creation #134232

Closed
kertal opened this issue Jun 13, 2022 · 3 comments · Fixed by #134674
Closed

[Discover][Alerting] Add info when data view has changed after rule creation #134232

kertal opened this issue Jun 13, 2022 · 3 comments · Fixed by #134674
Assignees
Labels
enhancement New value added to drive a business result Feature:Discover Discover Application impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:DataDiscovery Discover, search (e.g. data plugin and KQL), data views, saved searches. For ES|QL, use Team:ES|QL. v8.4.0 WIP Work in progress

Comments

@kertal
Copy link
Member

kertal commented Jun 13, 2022

When using the link navigating to Discover from an alert rule notification, we currently show a toast to inform the user that the displayed documents might be different to the original document triggering the notification. Same should apply when the data view has changed.

We have a updated_at property available in the data view and alert rule saved object. Given that updated_at property is newer than the rule's updated_at property, information to the toast should be added like
"The data view has been updated after the last update of the alert rule."

@kertal kertal added Feature:Discover Discover Application Team:DataDiscovery Discover, search (e.g. data plugin and KQL), data views, saved searches. For ES|QL, use Team:ES|QL. labels Jun 13, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)

@kertal kertal added the v8.4.0 label Jun 13, 2022
@kertal kertal added the enhancement New value added to drive a business result label Jun 13, 2022
@dimaanj dimaanj added the WIP Work in progress label Jun 17, 2022
@kertal kertal reopened this Aug 22, 2022
@kertal
Copy link
Member Author

kertal commented Aug 22, 2022

Reopening since the current solution needs to be re-evaluated (comparison with updated_at is not a good solution since this value will also be updated when fields are added/removed to Discover -- field popularity )

@dimaanj dimaanj removed the WIP Work in progress label Aug 29, 2022
@dimaanj dimaanj added the WIP Work in progress label Sep 23, 2022
@ninoslavmiskovic ninoslavmiskovic added the impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. label Oct 13, 2022
dimaanj added a commit that referenced this issue Jan 4, 2023
…6403)

## Summary

Closes #145815, #134232

- Moves Discover locator to common area
- Builds alerts results link from the server
- Now there are two implementations of `setStateToKbnUrl` which is used
in locator. New one in common are lost `HashedItemStore` support, since
sessions storage are actual only for browser
- Toasts `Alert rule has changed`, `Data View has changed` removed
- link generated per each alert will be unique representation of those
`rule params` and `data view state` which were at the time of invocation
- Restuls link will live even after data view and rule removal




### How to create rule

- Create an output index and data view `test` 
<details>
  <summary>Query to use</summary>
  
```
PUT test
{
    "settings" : {
        "number_of_shards" : 1
    },
    "mappings" : {
        "properties" : {
            "rule_id" : { "type" : "text" },
            "rule_name" : { "type" : "text" },
            "alert_id" : { "type" : "text" },
            "context_message": { "type" : "text" }
        }
    }
}
```
</details>

- Create alerts connector using `test` index
- Open `Elasticsearch query` alert in `KQL or Lucene` mode or just using
Discover `Alerts` button
- Specify the following params: `IS ABOVE: 1`, `FOR THE LAST: 30 min`
- Try execute it by clicking `Test query`. It should match some results
- When choosing connector, use the following config
```
{
    "rule_id": "{{rule.id}}",
    "rule_name": "{{rule.name}}",
    "alert_id": "{{alert.id}}",
    "context_message": "{{context.message}}"
}
```
- Create the alert

### How to test

- Create `Elasticsearch query` rule in `KQL or Lucene` mode like
described above
- Wait for some seconds and find the triggered alert document by
browsing `test` data view in Discover. There should be a link to results
in `context_message` field. Save the link somewhere
- Change rule params by adding/removing filters / changing query /
changing data view
- Follow saved link, you should see previous filters, query and data
view state
- Open rule in management and click `View in app`, you should see actual
state of rule
- Try to remove used data view and then follow saved link, you should
still see the results
- Try to remove rule and then follow saved link, you should still see
the results.

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [x] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

Co-authored-by: Davis McPhee <[email protected]>
@dimaanj
Copy link
Contributor

dimaanj commented Jan 4, 2023

Resolved

@dimaanj dimaanj closed this as completed Jan 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New value added to drive a business result Feature:Discover Discover Application impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:DataDiscovery Discover, search (e.g. data plugin and KQL), data views, saved searches. For ES|QL, use Team:ES|QL. v8.4.0 WIP Work in progress
Projects
None yet
4 participants