Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[alerting event log] add event log for alert execution and alerts scheduling actions #55636

Closed
pmuellr opened this issue Jan 22, 2020 · 4 comments · Fixed by #61706
Closed

[alerting event log] add event log for alert execution and alerts scheduling actions #55636

pmuellr opened this issue Jan 22, 2020 · 4 comments · Fixed by #61706
Assignees
@pmuellr
Labels
Feature:Alerting Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@pmuellr
Copy link
Member

pmuellr commented Jan 22, 2020

As the next parts of alerting to instrument with event log entries, it seems like alerting activities will be the most interesting thing to do. At a minimum this would be to add an event log entry when an alert executor indicates that actions should be run via scheduleActions(). We probably also want one when the alert execution function is run.
@pmuellr pmuellr added Feature:Alerting Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) labels Jan 22, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

@pmuellr pmuellr mentioned this issue Jan 23, 2020
Closed
21 tasks
@peterschretlen
Copy link
Contributor

To support the alert details view, and doing things like annotating charts with alert occurrences, we might also want to log

  • when a new alert instance is created
  • when an alert instance clears

Or status changes in between ( related to #51099 )

@peterschretlen peterschretlen mentioned this issue Feb 27, 2020
Closed
@joshdover joshdover mentioned this issue Mar 17, 2020
Closed
30 tasks
@mikecote
Copy link
Contributor

There's also some questions about if we should be tracking execution failures:

  • alert execution
  • alert action execution

@pmuellr pmuellr self-assigned this Mar 27, 2020
@pmuellr pmuellr mentioned this issue Mar 27, 2020
Merged
1 task
@pmuellr
Copy link
Member Author

pmuellr commented Mar 27, 2020

There's also some questions about if we should be tracking execution failures:

  • alert execution
  • alert action execution

For alert execution, it appears we don't catch errors, which we'll need to start doing to generate event log entries with the error. Code here:

kibana/x-pack/plugins/alerting/server/task_runner/task_runner.ts

Lines 168 to 184 in 8d539aa

const updatedAlertTypeState = await this.alertType.executor({
alertId,
services: {
...services,
alertInstanceFactory: createAlertInstanceFactory(alertInstances),
},
params,
state: alertTypeState,
startedAt: this.taskInstance.startedAt!,
previousStartedAt: previousStartedAt ? new Date(previousStartedAt) : null,
spaceId,
namespace,
name,
tags,
createdBy,
updatedBy,
});

For alert action execution, the alert code just queues up the actions with task manager, so the only "error" would be in queuing up the work, I think.

There's a missing link, for action execution itself, in that it doesn't have an alert id - that would be nice, and we may need it - but we will be generating an event that includes both the alert and action id when the action is queued to be run. We could figure out how to pass a "producer" or such to action execution to track things like action ids.

@pmuellr pmuellr mentioned this issue Apr 1, 2020
Closed
21 tasks
@mikecote mikecote mentioned this issue Apr 2, 2020
Closed
pmuellr added a commit to pmuellr/kibana that referenced this issue Apr 2, 2020
@pmuellr
[Alerting] write event log entries for alert execution and it's actions
df94dce 
resolves elastic#55636

Writes eventLog events for alert executions, and the actions executed from
that alert execution.
pmuellr added a commit that referenced this issue Apr 6, 2020
@pmuellr
[Alerting] write event log entries for alert execution and it's actio…
113181b 
…ns (#61706)

resolves #55636

Writes eventLog events for alert executions, and the actions executed from
that alert execution.
pmuellr added a commit to pmuellr/kibana that referenced this issue Apr 6, 2020
@pmuellr
[Alerting] write event log entries for alert execution and it's actio…
6cbdfd3 
…ns (elastic#61706)

resolves elastic#55636

Writes eventLog events for alert executions, and the actions executed from
that alert execution.
pmuellr added a commit that referenced this issue Apr 6, 2020
@pmuellr
[Alerting] write event log entries for alert execution and it's actio…
daa5a7a 
…ns (#61706) (#62622)

resolves #55636

Writes eventLog events for alert executions, and the actions executed from
that alert execution.
@kobelb kobelb added the needs-team Issues missing a team label label Jan 31, 2022
@botelastic botelastic bot removed the needs-team Issues missing a team label label Jan 31, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pmuellr pmuellr

Labels
Feature:Alerting Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Alerting] write event log entries for alert execution and it's actions pmuellr/kibana
5 participants
@pmuellr @kobelb @mikecote @peterschretlen @elasticmachine