-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Discover] Improve warn feedback when data view has changed after rule creation #144908
[Discover] Improve warn feedback when data view has changed after rule creation #144908
Conversation
…-warn-feedback-after-data-view-change # Conflicts: # src/plugins/discover/public/application/view_alert/view_alert_route.tsx
Pinging @elastic/kibana-data-discovery (Team:DataDiscovery) |
Can you provide verification steps? I created a data view and then created a Discover rule with that data view. Then I changed a field in the data view to set a custom label and the next rule run navigated to the provided link and saw no warning toast. Maybe that's not the type of data view change this triggers off of? |
Seems like this PR also includes a fix to get the space id in the generated link. Was that intended to be here? I think I'd prefer it to be a separate issue, but not a biggie. I think there is either an issue or maybe SDH open for that? If so, could we link it here for future reference - I found a Slack reference to the issue, but not an actual issue, so chasing down from there. |
@elasticmachine merge upstream |
Sure, added to description. |
Not really, could you share a link to the issue with space id in generated link? |
@@ -27,8 +33,14 @@ export async function fetchSearchSourceQuery( | |||
|
|||
const initialSearchSource = await searchSourceClient.create(params.searchConfiguration); | |||
|
|||
const index = initialSearchSource.getField('index') as DataView; | |||
if (!isTimeBasedDataView(index)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there another issue to prevent rules from being created with non time based data views? Typically we like to prevent situations where users can create rules that error with every execution.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, there is another issue for this case #135806
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Response Ops changes LGTM. Left a comment about preventing users from creating rules where the data view is not time based. This can be addressed in a separate issue but I think it's important to address.
const getCurrentChecksum = (params: SearchThresholdAlertParams) => | ||
sha256.create().update(JSON.stringify(params)).hex(); | ||
const getDataViewParamsChecksum = (dataViewSpec: DataViewSpec) => { | ||
const { title, timeFieldName, sourceFilters, runtimeFieldMap } = dataViewSpec; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think changing the source filters changes the output.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually we can filter out some field, then it will be unavailable on Discover. It first was found here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, but it won't alter the output of the alert.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, but here we are deciding whether to show Data View has changed
toast message. When he/she opens the alert results and data view has changed in the meantime, we detect it by comparing checksum.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When he/she opens the alert results and data view has changed in the meantime, we detect it by comparing checksum.
Yes, I understand that, but maybe there's something else I'm missing. Can you describe the steps a user might take where a change to source filters deserves this toast?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, I've updated description
Actually, there's another case that we might want to consider handling. sourceFilters brought to my attention that there are two types of changes that can occur. Alterations to the triggering of alerts and alterations to the display of the subsequent data. sourceFilters affect display but not trigger. Field formats are similar. As best I can tell, this won't pick up changes to scripted fields. Also, it should be noted that its possible for the field mapping to change which won't be caught either. |
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]Async chunks
Unknown metric groupsESLint disabled in files
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @dimaanj |
I do agree that |
@dimaanj I'm not sure which fields are relevant to this, thats a product question. I merely thought it was worth summarizing all of them. |
Closing it, since #146403 created instead |
Summary
Closes #134232
This PR reduces cases Data view changed toast will appearance. It appears only on changing one of the following parameters.
kibana/src/plugins/discover/public/application/view_alert/view_alert_route.tsx
Line 23 in 317db09
Test notes
test
test
indexesQuery
alert inKQL or Lucene
mode or just using DiscoverAlerts
button.IS ABOVE: 1
,FOR THE LAST: 30 min
.Test query
. It should match some results.test
data view in DiscoverDataView
change.Checklist