[Monitoring] Dot prefixed indices are ignored for Alerts #99396
Comments
simianhacker
added
bug
|
Pinging @elastic/stack-monitoring (Team:Monitoring) |
|
@simianhacker This was done intentionally: #89410 (comment), but you have a valid point. Maybe a better UX would be to default to something like cc: @ravikesarwani |
|
In my mind alerts needs to be actionable by the users. Indices starting with "." are internal indices that we as Elastic own and not something that the solution users should really care about. If we are really growing our internal indices to more than the recommended size (50 GB, but we are using 55 GB default to account for 10% grace) then we should fix that rather than alert users about it. |
|
@ravikesarwani I see your point, but the user can still control that by proxy, eg: to control |
|
@ravikesarwani @simianhacker I'm going to add the |
igoristic
removed
the
bug
|
I am good with that. It makes explicit that we are excluding dot prefixed indices by default. |
Kibana version:
master
Elasticsearch version:
master
Original install method (e.g. download page, yum, from source, etc.):
source
Describe the bug:
I was testing alerting with some data from Agent, specifically the "Shard size" alert. I set the alert to a ridiculously low value to ensure it would still fire. When it didn't fire I started to investigate and realized that we are ignoring dot prefixed indices. This seems like a huge hole in our alerting since dot prefixed indices can grow as well.
Steps to reproduce:
0.00000000000001Expected behavior:
I would expect that alerts are run on all indices regardless of the name when the index pattern is set to
*. I understand that dot prefix indices are technically "hidden" but they are also resource that can grow and have issues.The text was updated successfully, but these errors were encountered: