Fix expected value for ES query rule type alerts #166986
Labels
bug
Fixes for quality problems that affect the customer experience
Feature:Alerting
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
v8.11.0
Comments
maryam-saeidi added the bug, Feature:Alerting, Team:ResponseOps, Team: Actionable Observability - DEPRECATED (For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge") and v8.11.0 labels on Sep 21, 2023
Pinging @elastic/response-ops (Team:ResponseOps)
Pinging @elastic/actionable-observability (Team: Actionable Observability)
Moving to responseOps as they own the rule (confirmed with @heespi) @maryam-saeidi FYI
emma-raffenne removed the Team: Actionable Observability - DEPRECATED label on Oct 17, 2023
github-project-automation (bot) moved this to Awaiting Triage in AppEx: ResponseOps - Execution & Connectors on Oct 19, 2023
doakalexi moved this from Awaiting Triage to Todo in AppEx: ResponseOps - Execution & Connectors on Oct 19, 2023
ymao1 moved this from Todo to In Progress in AppEx: ResponseOps - Execution & Connectors on Nov 20, 2023
ymao1 moved this from In Progress to Todo in AppEx: ResponseOps - Execution & Connectors on Nov 21, 2023
ymao1 moved this from Todo to In Progress in AppEx: ResponseOps - Execution & Connectors on Dec 6, 2023
ymao1 moved this from In Progress to In Review in AppEx: ResponseOps - Execution & Connectors on Dec 6, 2023
github-project-automation (bot) moved this from In Review to Done in AppEx: ResponseOps - Execution & Connectors on Dec 7, 2023
ymao1 added a commit that referenced this issue on Dec 7, 2023

… for ES query rule (#171571)

Resolves #166986

## Summary

Adding `kibana.alert.evalution.threshold` to the alert payload for the ES query rule. This is the field that's shown in the alert details view in Observability. To show this, we add `ALERT_EVALUATION_CONDITIONS` to the stack alerts mapping, using the same mapping type as the observability rule types. This is typed as a `scaled_float` which is expecting a single value, so the threshold is set in the alert payload only when the threshold is a single value. I will open a followup issue for handling multi-valued thresholds. #172714

<img width="1064" alt="Screenshot 2023-11-20 at 1 10 05 PM" src="https://github.com/elastic/kibana/assets/13104637/e265a9e8-4bbf-4d3e-a6bc-e69b774c7574">

## To Verify

Create an ES query rule with a single threshold that triggers an alert and give it a Metrics or Logs visibility. Let it run and then look at the alert details for the alert from the Observability alert table. The `Expected Value` row should be populated.
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue on Dec 7, 2023

… for ES query rule (elastic#171571)

Resolves elastic#166986

## Summary

Adding `kibana.alert.evalution.threshold` to the alert payload for the ES query rule. This is the field that's shown in the alert details view in Observability. To show this, we add `ALERT_EVALUATION_CONDITIONS` to the stack alerts mapping, using the same mapping type as the observability rule types. This is typed as a `scaled_float` which is expecting a single value, so the threshold is set in the alert payload only when the threshold is a single value. I will open a followup issue for handling multi-valued thresholds. elastic#172714

<img width="1064" alt="Screenshot 2023-11-20 at 1 10 05 PM" src="https://github.com/elastic/kibana/assets/13104637/e265a9e8-4bbf-4d3e-a6bc-e69b774c7574">

## To Verify

Create an ES query rule with a single threshold that triggers an alert and give it a Metrics or Logs visibility. Let it run and then look at the alert details for the alert from the Observability alert table. The `Expected Value` row should be populated.

(cherry picked from commit ec81569)
kibanamachine referenced this issue on Dec 7, 2023

…payload for ES query rule (#171571) (#172814)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[Response Ops][Alerting] Adding evaluation threshold to alert payload for ES query rule (#171571)](#171571)

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Co-authored-by: Ying Mao <[email protected]>
📝 Summary
Expected value is missing for the ES query rule:
✅ Acceptance Criteria