Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve ES Query reason message #166984

Closed
maryam-saeidi opened this issue Sep 21, 2023 · 8 comments · Fixed by #169315
Closed

Improve ES Query reason message #166984

maryam-saeidi opened this issue Sep 21, 2023 · 8 comments · Fixed by #169315
Assignees
@doakalexi
Labels
Feature:Alerting Team: Actionable Observability - DEPRECATED For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge" Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v8.11.0

Comments

@maryam-saeidi
Copy link
Member

📝 Summary

ES query rule reason does not match the rest of the Observability rule types, as shown below:

image

We need to discuss this topic with @katrin-freihofner and @shanisagiv1 to develop a reason message that works for stack and observability use cases. (Or maybe we can define the reason differently for different consumers)

I suggest removing the relative link as it is not easily usable in the current state.

✅ Acceptance Criteria

  • Change the reason message based on the decision.
@maryam-saeidi maryam-saeidi added Feature:Alerting Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Team: Actionable Observability - DEPRECATED For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge" v8.11.0 labels Sep 21, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/actionable-observability (Team: Actionable Observability)

@elasticmachine
Copy link
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@maryam-saeidi maryam-saeidi mentioned this issue Sep 21, 2023
Merged
1 task
@katrin-freihofner
Copy link
Contributor

I think we can use a similar message for the custom threshold rule and the Elastic search rule. I would start with what we currently have for the Metric threshold rule as a basis.

@shanisagiv1
Copy link

Let me check how this link is used today (if any).. ++ with alignment between the reasons.

@shanisagiv1
Copy link

what structure do you have for the threshold rule? I'm fine with removing it from the reason. since it's also avilalbe in the action context for sending via email for example..

@mikecote mikecote moved this from Awaiting Triage to Todo in AppEx: ResponseOps - Execution & Connectors Sep 28, 2023
@doakalexi doakalexi self-assigned this Oct 13, 2023
@doakalexi doakalexi moved this from Todo to In Progress in AppEx: ResponseOps - Execution & Connectors Oct 17, 2023
@maryam-saeidi
Copy link
Member Author

@shanisagiv1 @doakalexi I am working on improving the custom threshold rule reason, and after discussion with @katrin-freihofner, we decided to move forward with this suggestion:

Document count is 21, above the threshold of 1; CPU usage is 2.11429, above the threshold of 1. (duration: 1 min, data view: metrics-fake_hosts, group: host-11)

Can we use a similar structure for the ES query rule?

@doakalexi
Copy link
Contributor

@shanisagiv1 @doakalexi I am working on improving the custom threshold rule reason, and after discussion with @katrin-freihofner, we decided to move forward with this suggestion:

Document count is 21, above the threshold of 1; CPU usage is 2.11429, above the threshold of 1. (duration: 1 min, data view: metrics-fake_hosts, group: host-11)

Can we use a similar structure for the ES query rule?

Sure I can think we can do that!

@maryam-saeidi
Copy link
Member Author

@doakalexi Nice!

Does the ES query rule have only one condition or multiple conditions? The example that I shared is useful for multiple conditions, but if the ES query rule only has one condition, another alternative can be:

Document count is 18 in the last 1 min for host-0 in APM data view. Alert when above 10.

host-0 is the group, and APM is the data view name.

@doakalexi doakalexi mentioned this issue Oct 19, 2023
Merged
1 task
@doakalexi doakalexi moved this from In Progress to In Review in AppEx: ResponseOps - Execution & Connectors Oct 23, 2023
doakalexi added a commit that referenced this issue Oct 26, 2023
@doakalexi
[ResponseOps][Alerting] Improve ES Query reason message (#169315)
f8d3cc2 
Resolves #166984

## Summary

Updating the reason message to align more with the other rule types.
Updating the format to be more like this:
`Document count is 18 in the last 1 min for host-0 in APM data view.
Alert when above 10.
`

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios


### To verify

- Create an es query rule and set the scope to Metrics, so it's visible
in Observability
- Verify that the reason message is correct for the 3 different types of
es query rule
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@doakalexi doakalexi

Labels
Feature:Alerting Team: Actionable Observability - DEPRECATED For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge" Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v8.11.0
Projects
No open projects
AppEx: ResponseOps - Execution & Connectors
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[ResponseOps][Alerting] Improve ES Query reason message doakalexi/kibana
5 participants
@maryam-saeidi @elasticmachine @katrin-freihofner @shanisagiv1 @doakalexi