Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[RAC] Replace usages of kibana.alert.status: open with active #109033

Merged
merged 20 commits into from
Aug 26, 2021

Conversation

marshallmain
Copy link
Contributor

@marshallmain marshallmain commented Aug 18, 2021

Summary

Addresses #108607
Per the schema, kibana.alert.status is to be populated with active or recovered. A few places were using open and closed instead, which are the values for kibana.alert.workflow_status. This PR replaces those usages with the correct values.

Checklist

Delete any items that are not applicable to this PR.

Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release.

When forming the risk matrix, consider some of the following examples and how they may potentially impact the change:

Risk Probability Severity Mitigation/Notes
Multiple Spaces—unexpected behavior in non-default Kibana Space. Low High Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces.
Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. High Low Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure.
Code should gracefully handle cases when feature X or plugin Y are disabled. Medium High Unit tests will verify that any feature flag or plugin combination still results in our service operational.
See more potential risk examples

For maintainers

@marshallmain marshallmain changed the title Replace usages of alert.status: open with active [RAC] Replace usages of alert.status: open with active Aug 18, 2021
@marshallmain marshallmain changed the title [RAC] Replace usages of alert.status: open with active [RAC] Replace usages of kibana.alert.status: open with active Aug 18, 2021
@marshallmain marshallmain marked this pull request as ready for review August 18, 2021 23:58
@marshallmain marshallmain requested review from a team as code owners August 18, 2021 23:58
@marshallmain marshallmain added v7.15.0 v7.16.0 v8.0.0 auto-backport Deprecated - use backport:version if exact versions are needed release_note:skip Skip the PR/issue when compiling release notes Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detections and Resp Security Detection Response Team labels Aug 18, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@botelastic botelastic bot added Team:APM All issues that need APM UI Team support Team:Uptime - DEPRECATED Synthetics & RUM sub-team of Application Observability labels Aug 19, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/uptime (Team:uptime)

@elasticmachine
Copy link
Contributor

Pinging @elastic/apm-ui (Team:apm)

Copy link
Contributor

@smith smith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

APM changes look good

Copy link
Contributor

@justinkambic justinkambic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@marshallmain
Copy link
Contributor Author

@elasticmachine merge upstream

@marshallmain
Copy link
Contributor Author

@elasticmachine merge upstream

@marshallmain marshallmain requested a review from a team August 23, 2021 16:51
@mgiota
Copy link
Contributor

mgiota commented Aug 24, 2021

@marshallmain We also replace usages of kibana.alert.status: open with active in this PR #108679. Your PR is missing some changes for the Observability alerts page 9142be5.

Could you review our open PR again? Failing tests are fixed and PR is ready for review.

@marshallmain
Copy link
Contributor Author

@mgiota thanks for the heads up, I'll review that PR now! For this PR, I'll wait until #108679 is merged since there's some overlap and then make another pass through the code base to make sure this PR catches the remaining places where ALERT_STATUS has unexpected values.

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 6.5MB 6.5MB +54.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
uptime 36.7KB 36.8KB +50.0B

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@@ -129,12 +132,11 @@ The following fields are defined in the technical field component template and s
- `kibana.alert.rule.consumer`: the feature which produced the alert (inherited from the rule producer field). Usually a Kibana feature id like `apm`, `siem`...
- `kibana.alert.id`: the id of the alert, that is unique within the context of the rule execution it was created in. E.g., for a rule that monitors latency for all services in all environments, this might be `opbeans-java:production`.
- `kibana.alert.uuid`: the unique identifier for the alert during its lifespan. If an alert recovers (or closes), this identifier is re-generated when it is opened again.
- `kibana.alert.status`: the status of the alert. Can be `open` or `closed`.
- `kibana.alert.status`: the status of the alert. Can be `active` or `recovered`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we have an entry for kibana.alert.workflow_status as well?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, the readme is pretty out of date so I'm planning to update the rest of it in a follow up PR

Copy link
Member

@spong spong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checked out, tested locally, reviewed code, and all LGTM! 👍 🚀

One note, in testing it was discovered that if you have the xpack.securitySolution.signalsIndex kibana.yml configuration set, the Alerts table bsearch will still query the specified .siem-signals index instead of the AAD index, and can result in no documents being displays. This configuration isn't officially supported, but wanted to note the behavior. The histogram and counts table continues to use the find API and returns data though. cc @XavierM

@marshallmain marshallmain merged commit 682bc7c into elastic:master Aug 26, 2021
kibanamachine added a commit to kibanamachine/kibana that referenced this pull request Aug 26, 2021
…c#109033)

* Replace usages of alert.status: open with active

* Update unit tests

* Add back home.disableWelcomeScreen=true

* Only disable welcome screen within APM ftr config

* Add disableWelcomeScreen option to security solution cypress config

* Fix reference to workflow status

* oops

* Remove duplicate disableWelcomeScreen

* Update README.md

Co-authored-by: Kibana Machine <[email protected]>
kibanamachine added a commit to kibanamachine/kibana that referenced this pull request Aug 26, 2021
…c#109033)

* Replace usages of alert.status: open with active

* Update unit tests

* Add back home.disableWelcomeScreen=true

* Only disable welcome screen within APM ftr config

* Add disableWelcomeScreen option to security solution cypress config

* Fix reference to workflow status

* oops

* Remove duplicate disableWelcomeScreen

* Update README.md

Co-authored-by: Kibana Machine <[email protected]>
@kibanamachine
Copy link
Contributor

💚 Backport successful

Status Branch Result
7.15
7.x

The backport PRs will be merged automatically after passing CI.

marshallmain added a commit to marshallmain/kibana that referenced this pull request Aug 27, 2021
…c#109033)

* Replace usages of alert.status: open with active

* Update unit tests

* Add back home.disableWelcomeScreen=true

* Only disable welcome screen within APM ftr config

* Add disableWelcomeScreen option to security solution cypress config

* Fix reference to workflow status

* oops

* Remove duplicate disableWelcomeScreen

* Update README.md

Co-authored-by: Kibana Machine <[email protected]>
marshallmain added a commit to marshallmain/kibana that referenced this pull request Aug 27, 2021
…c#109033)

* Replace usages of alert.status: open with active

* Update unit tests

* Add back home.disableWelcomeScreen=true

* Only disable welcome screen within APM ftr config

* Add disableWelcomeScreen option to security solution cypress config

* Fix reference to workflow status

* oops

* Remove duplicate disableWelcomeScreen

* Update README.md

Co-authored-by: Kibana Machine <[email protected]>
marshallmain added a commit that referenced this pull request Aug 27, 2021
…109033) (#110384)

* [RAC] Replace usages of kibana.alert.status: open with active (#109033)

* Replace usages of alert.status: open with active

* Update unit tests

* Add back home.disableWelcomeScreen=true

* Only disable welcome screen within APM ftr config

* Add disableWelcomeScreen option to security solution cypress config

* Fix reference to workflow status

* oops

* Remove duplicate disableWelcomeScreen

* Update README.md

Co-authored-by: Kibana Machine <[email protected]>

* Fix remaining reference to ALERT_STATUS

Co-authored-by: Kibana Machine <[email protected]>
marshallmain added a commit that referenced this pull request Aug 27, 2021
…109033) (#110383)

* [RAC] Replace usages of kibana.alert.status: open with active (#109033)

* Replace usages of alert.status: open with active

* Update unit tests

* Add back home.disableWelcomeScreen=true

* Only disable welcome screen within APM ftr config

* Add disableWelcomeScreen option to security solution cypress config

* Fix reference to workflow status

* oops

* Remove duplicate disableWelcomeScreen

* Update README.md

Co-authored-by: Kibana Machine <[email protected]>

* Fix remaining reference to ALERT_STATUS

Co-authored-by: Kibana Machine <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
auto-backport Deprecated - use backport:version if exact versions are needed release_note:skip Skip the PR/issue when compiling release notes Team:APM All issues that need APM UI Team support Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Uptime - DEPRECATED Synthetics & RUM sub-team of Application Observability v7.15.0 v7.16.0 v8.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants