Alert details expected value only handles single value #172714
Labels
Feature:Alerting
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
Comments
ymao1
added
the
Team:obs-ux-management
|
Pinging @elastic/obs-ux-management-team (Team:obs-ux-management) |
ymao1
added
the
Team:ResponseOps
|
Pinging @elastic/response-ops (Team:ResponseOps) |
ymao1
added a commit
that referenced
this issue
Dec 7, 2023
… for ES query rule (#171571) Resolves #166986 ## Summary Adding `kibana.alert.evalution.threshold` to the alert payload for the ES query rule. This is the field that's shown in the alert details view in Observability. To show this, we add `ALERT_EVALUATION_CONDITIONS` to the stack alerts mapping, using the same mapping type as the observability rule types. This is typed as a `scaled_float` which is expecting a single value, so the threshold is set in the alert payload only when the threshold is a single value. I will open a followup issue for handling multi-valued thresholds. #172714 <img width="1064" alt="Screenshot 2023-11-20 at 1 10 05 PM" src="https://github.com/elastic/kibana/assets/13104637/e265a9e8-4bbf-4d3e-a6bc-e69b774c7574"> ## To Verify Create an ES query rule with a single threshold that triggers an alert and give it a Metrics or Logs visibility. Let it run and then look at the alert details for the alert from the Observability alert table. The `Expected Value` row should be populated.
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Dec 7, 2023
… for ES query rule (elastic#171571) Resolves elastic#166986 ## Summary Adding `kibana.alert.evalution.threshold` to the alert payload for the ES query rule. This is the field that's shown in the alert details view in Observability. To show this, we add `ALERT_EVALUATION_CONDITIONS` to the stack alerts mapping, using the same mapping type as the observability rule types. This is typed as a `scaled_float` which is expecting a single value, so the threshold is set in the alert payload only when the threshold is a single value. I will open a followup issue for handling multi-valued thresholds. elastic#172714 <img width="1064" alt="Screenshot 2023-11-20 at 1 10 05 PM" src="https://github.com/elastic/kibana/assets/13104637/e265a9e8-4bbf-4d3e-a6bc-e69b774c7574"> ## To Verify Create an ES query rule with a single threshold that triggers an alert and give it a Metrics or Logs visibility. Let it run and then look at the alert details for the alert from the Observability alert table. The `Expected Value` row should be populated. (cherry picked from commit ec81569)
kibanamachine
added a commit
that referenced
this issue
Dec 7, 2023
…payload for ES query rule (#171571) (#172814) # Backport This will backport the following commits from `main` to `8.12`: - [[Response Ops][Alerting] Adding evaluation threshold to alert payload for ES query rule (#171571)](#171571) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Ying Mao","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-12-07T13:20:34Z","message":"[Response Ops][Alerting] Adding evaluation threshold to alert payload for ES query rule (#171571)\n\nResolves https://github.com/elastic/kibana/issues/166986\r\n\r\n## Summary\r\n\r\nAdding `kibana.alert.evalution.threshold` to the alert payload for the\r\nES query rule. This is the field that's shown in the alert details view\r\nin Observability. To show this, we add `ALERT_EVALUATION_CONDITIONS` to\r\nthe stack alerts mapping, using the same mapping type as the\r\nobservability rule types. This is typed as a `scaled_float` which is\r\nexpecting a single value, so the threshold is set in the alert payload\r\nonly when the threshold is a single value. I will open a followup issue\r\nfor handling multi-valued thresholds.\r\nhttps://github.com//issues/172714\r\n\r\n<img width=\"1064\" alt=\"Screenshot 2023-11-20 at 1 10 05 PM\"\r\nsrc=\"https://github.com/elastic/kibana/assets/13104637/e265a9e8-4bbf-4d3e-a6bc-e69b774c7574\">\r\n\r\n\r\n## To Verify\r\n\r\nCreate an ES query rule with a single threshold that triggers an alert\r\nand give it a Metrics or Logs visibility. Let it run and then look at\r\nthe alert details for the alert from the Observability alert table. The\r\n`Expected Value` row should be populated.","sha":"ec81569930bb91a55fec1ee8925826d804348361","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Feature:Alerting","Team:ResponseOps","v8.12.0","Team:obs-ux-management","v8.13.0"],"number":171571,"url":"https://github.com/elastic/kibana/pull/171571","mergeCommit":{"message":"[Response Ops][Alerting] Adding evaluation threshold to alert payload for ES query rule (#171571)\n\nResolves https://github.com/elastic/kibana/issues/166986\r\n\r\n## Summary\r\n\r\nAdding `kibana.alert.evalution.threshold` to the alert payload for the\r\nES query rule. This is the field that's shown in the alert details view\r\nin Observability. To show this, we add `ALERT_EVALUATION_CONDITIONS` to\r\nthe stack alerts mapping, using the same mapping type as the\r\nobservability rule types. This is typed as a `scaled_float` which is\r\nexpecting a single value, so the threshold is set in the alert payload\r\nonly when the threshold is a single value. I will open a followup issue\r\nfor handling multi-valued thresholds.\r\nhttps://github.com//issues/172714\r\n\r\n<img width=\"1064\" alt=\"Screenshot 2023-11-20 at 1 10 05 PM\"\r\nsrc=\"https://github.com/elastic/kibana/assets/13104637/e265a9e8-4bbf-4d3e-a6bc-e69b774c7574\">\r\n\r\n\r\n## To Verify\r\n\r\nCreate an ES query rule with a single threshold that triggers an alert\r\nand give it a Metrics or Logs visibility. Let it run and then look at\r\nthe alert details for the alert from the Observability alert table. The\r\n`Expected Value` row should be populated.","sha":"ec81569930bb91a55fec1ee8925826d804348361"}},"sourceBranch":"main","suggestedTargetBranches":["8.12"],"targetPullRequestStates":[{"branch":"8.12","label":"v8.12.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.13.0","labelRegex":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/171571","number":171571,"mergeCommit":{"message":"[Response Ops][Alerting] Adding evaluation threshold to alert payload for ES query rule (#171571)\n\nResolves https://github.com/elastic/kibana/issues/166986\r\n\r\n## Summary\r\n\r\nAdding `kibana.alert.evalution.threshold` to the alert payload for the\r\nES query rule. This is the field that's shown in the alert details view\r\nin Observability. To show this, we add `ALERT_EVALUATION_CONDITIONS` to\r\nthe stack alerts mapping, using the same mapping type as the\r\nobservability rule types. This is typed as a `scaled_float` which is\r\nexpecting a single value, so the threshold is set in the alert payload\r\nonly when the threshold is a single value. I will open a followup issue\r\nfor handling multi-valued thresholds.\r\nhttps://github.com//issues/172714\r\n\r\n<img width=\"1064\" alt=\"Screenshot 2023-11-20 at 1 10 05 PM\"\r\nsrc=\"https://github.com/elastic/kibana/assets/13104637/e265a9e8-4bbf-4d3e-a6bc-e69b774c7574\">\r\n\r\n\r\n## To Verify\r\n\r\nCreate an ES query rule with a single threshold that triggers an alert\r\nand give it a Metrics or Logs visibility. Let it run and then look at\r\nthe alert details for the alert from the Observability alert table. The\r\n`Expected Value` row should be populated.","sha":"ec81569930bb91a55fec1ee8925826d804348361"}}]}] BACKPORT--> Co-authored-by: Ying Mao <[email protected]>
|
@fkanout / @benakansara / @maryam-saeidi I think this has been fixed but can one of you verify and then close this, if it has? Thanks! |
|
@jasonrhodes We are not saving threshold in alert doc when there are multiple values (between, not between comparators), but we are showing this info in alert flyout in Observability based on the rule parameters. I think we can do the same for alert flyout in Stack management. Also, related to this, we are going to show "Multiple values" link (related issue, discussion on slack) in alerts table when there are multiple thresholds.
|
|
Oh that flyout is a separate code path? |
|
It appears so, also, I noticed that it's not possible to open alert details page from Stack management UI, clicking on "Alert details" in alerts table opens the alert flyout (maybe this is ok since not all stack alerts have alert detail pages). |
|
As mentioned in this comment, this issue has been fixed in observability. In stack management, we have a separate flyout, so I will pass this ticket to the responseOps team to improve it on their side. |
maryam-saeidi
removed
Team:obs-ux-management
maryam-saeidi
added
Team:ResponseOps
|
@elastic/response-ops FYI, I removed this ticket from our board, but I cannot add it to your board. |
|
Thanks @maryam-saeidi! I will add it to our board. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In the alert details flyout for Observability, the
Expected valuefield will only accept a single numerical value, which works for most cases but in the ES query rule type, we also have conditions that matchbetween X and Yandnot between X and Y, where there are 2 values for the threshold. We need to update this value to handle multi threshold conditions.The text was updated successfully, but these errors were encountered: