
[Alerting] write event log entries for alert execution and its actions #61706

Merged
merged 4 commits into from
Apr 6, 2020

Conversation

@pmuellr pmuellr commented Mar 27, 2020

resolves #55636

Writes eventLog events for alert executions, and the actions executed from
that alert execution.

First step in getting event logging working with alerts/actions, see umbrella issue #62221

@pmuellr pmuellr added Feature:Alerting v8.0.0 release_note:skip Skip the PR/issue when compiling release notes Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v7.8.0 labels Mar 27, 2020
@elasticmachine

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

@pmuellr pmuellr force-pushed the alert/basic-events-alerts branch 2 times, most recently from 8f409ef to 981b106 on March 31, 2020 05:15
@pmuellr pmuellr force-pushed the alert/basic-events-alerts branch from dcc3c56 to b472eba on April 2, 2020 13:33
@pmuellr pmuellr force-pushed the alert/basic-events-alerts branch from b472eba to df94dce on April 2, 2020 17:24
@pmuellr pmuellr marked this pull request as ready for review April 2, 2020 18:03
@pmuellr pmuellr requested a review from a team as a code owner April 2, 2020 18:03
@YulNaumenko YulNaumenko left a comment

LGTM

@gmmorris gmmorris left a comment

LGTM, other than the message, which I feel we should make a bit clearer as it is likely to find its way into our UI rather than just being a log line.

},
],
},
"message": "alert: test:1: name-of-alert instanceId: 2 scheduled actionGroup: default action: test:1",
Contributor

Can we perhaps use quotes around the IDs just to make this a bit more readable?
As we'll likely be displaying this in the UI at some point, it might be worth figuring out how to make these clearer.

Member Author

Ya, I'll add some quotes - I think I had them in for a while, but removed them during some clean up.

We'll have to have a discussion about these message properties. I'm currently thinking they're useless. Messages like this are supposed to be for humans to help search through the bits, but the current use cases don't include stories like that. We should probably have all the data they need as fields in the docs. Or perhaps easier, feed all the fields into a text field via copy_to, which gives us the text search capability.

Note today, the message does include info like alert name, type, that is not yet in the actual event doc. Denormalizing those bits is a bullet point in the umbrella issue #62221
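As an added illustration of the two points raised above (quoting the ids in the message, and keeping the real data in structured fields), here is example code that is not part of this PR or of Kibana: it builds the same "scheduled action" message with every id quoted and escaped, and parses it back into fields. The field names are assumptions for the example, not the Kibana event log schema.

```typescript
// Added example, not Kibana's own code. Event field names are assumed for
// illustration and are not the Kibana event log schema.
interface AlertActionEvent {
  alertTypeId: string;
  alertId: string;
  alertName: string;
  instanceId: string;
  actionGroup: string;
  actionTypeId: string;
  actionId: string;
}

// Quote a value, escaping embedded backslashes and quotes, so a name or id that
// contains spaces, colons or quotes cannot be mistaken for one of the labels.
function quote(value: string): string {
  return '"' + value.replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"';
}

function unquote(escaped: string): string {
  return escaped.replace(/\\(["\\])/g, '$1');
}

// Same layout as the message in the PR, with every id and the name quoted.
function formatMessage(ev: AlertActionEvent): string {
  const alertRef = quote(`${ev.alertTypeId}:${ev.alertId}`);
  const actionRef = quote(`${ev.actionTypeId}:${ev.actionId}`);
  return `alert: ${alertRef}: ${quote(ev.alertName)} instanceId: ${quote(ev.instanceId)}` +
    ` scheduled actionGroup: ${quote(ev.actionGroup)} action: ${actionRef}`;
}

// One quoted token; escaped quotes and backslashes are allowed inside it.
const QUOTED = '"((?:[^"\\\\]|\\\\.)*)"';
const MESSAGE_RE = new RegExp(
  `^alert: ${QUOTED}: ${QUOTED} instanceId: ${QUOTED} scheduled actionGroup: ${QUOTED} action: ${QUOTED}$`
);

// Recover the structured fields from a message; null when the layout does not
// match (for instance the unquoted form). Assumes "<typeId>:<id>" references
// split at the last colon, i.e. the ids themselves contain no colon.
function parseMessage(message: string): AlertActionEvent | null {
  const m = MESSAGE_RE.exec(message);
  if (m === null) return null;
  const field = (i: number): string => unquote(m[i] ?? '');
  const splitRef = (ref: string): [string, string] => {
    const at = ref.lastIndexOf(':');
    return [ref.slice(0, at), ref.slice(at + 1)];
  };
  const [alertTypeId, alertId] = splitRef(field(1));
  const [actionTypeId, actionId] = splitRef(field(5));
  return { alertTypeId, alertId, alertName: field(2), instanceId: field(3),
           actionGroup: field(4), actionTypeId, actionId };
}
```

The parser exists only to show that the quoted form survives names containing spaces, colons or quotes; for real searching, the structured fields (or a copy_to text field built from them) are what should be queried.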

pmuellr commented Apr 2, 2020

@elasticmachine merge upstream

pmuellr commented Apr 6, 2020

@elasticmachine merge upstream

@kibanamachine

💚 Build Succeeded

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@pmuellr pmuellr merged commit 113181b into elastic:master Apr 6, 2020
pmuellr added a commit to pmuellr/kibana that referenced this pull request Apr 6, 2020
…ns (elastic#61706)
pmuellr added a commit that referenced this pull request Apr 6, 2020
…ns (#61706) (#62622)
@mikecote mikecote removed the release_note:skip Skip the PR/issue when compiling release notes label Apr 16, 2020
Labels
backported Feature:Alerting release_note:enhancement Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v7.8.0 v8.0.0
Successfully merging this pull request may close these issues.

[alerting event log] add event log for alert execution and alerts scheduling actions
6 participants