You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR serializes the "action context" into ALERT_CONTEXT and stores it in the Alert-As-Data index. This will be used by the "alert detail page" to display group by details along with other information from the alert context.
I just wanted to let you know that we already added an attributes for alert detail URL kibana.alert.url, I am wondering if we can build this context when you ask for an alert and use as much possible the ECS. Maybe I am not seeing the full picture here.
I just wanted to let you know that we already added an attributes for alert detail URL kibana.alert.url, I am wondering if we can build this context when you ask for an alert and use as much possible the ECS. Maybe I am not seeing the full picture here.
++ to Xavier's recommendation. I don't think that we should be putting the entire action context into the alert as it duplicates a lot of the information that we already have in the alert in different fields. I'd prefer we add additional fields to the alert to allow us to recreate the "context" in the flyout.
If you feel strongly that the benefits we get from this approach outweigh the drawbacks, can we rename kibana.alert.context to kibana.alert.observability.context to make it explicit that this field is only relevant to observability alerts?
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
simianhacker
added
v8.9.0
Team: Actionable Observability - DEPRECATED
Summary
This PR serializes the "action context" into
ALERT_CONTEXTand stores it in the Alert-As-Data index. This will be used by the "alert detail page" to display group by details along with other information from the alert context.Fixes #155534
Fixes #154126