[Alerting][Docs] Adding query to identify long running rules to docs #98773
Conversation
ymao1
added
Feature:Alerting
release_note:skip
|
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
|
Would we want to include a link to the event log readme, which documents the fields in the event log? https://github.com/elastic/kibana/blob/master/x-pack/plugins/event_log/README.md I don't think we tend to do this sort of thing in practice, but for a section like this, right now, seems fine. I guess open an issue to get some of the info in that README added to the asciidoc ... |
| [IMPORTANT] | ||
| ============================================== | ||
| By default, only user with a `superuser` role can query the {kib} event log because it is a system index. To enable additional users to execute this query, assign `read` privileges to the `.kibana-event-log*` index. | ||
| ============================================== |
There was a problem hiding this comment.
@gchaps Can you review this addition to the docs? Thank you!
@gchaps Is it ok to link to a README in github from user facing docs? I don't see another example of this so wanted to check. |
…ing/troubleshooting-docs
There was a problem hiding this comment.
Looking good!
Made a comment about perhaps changing the histogram interval. 10 seconds seems like too long as a bucket size. I hope it is!
Also noted the output has some histogram key values which seem to be nanosecond instead of the new (awesome) runtime field that converts that to seconds.
ymao1
added
the
auto-backport
…lastic#98773) * Adding query to identify long running rules to docs * Wording suggestsion from PR review * Adding event.provider to query. Allowing copy to console * Adding note for system privileges * Adding runtime field to query * Removing extra dollar sign * PR fixes
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
…98773) (#99141) * Adding query to identify long running rules to docs * Wording suggestsion from PR review * Adding event.provider to query. Allowing copy to console * Adding note for system privileges * Adding runtime field to query * Removing extra dollar sign * PR fixes Co-authored-by: ymao1 <[email protected]>
Resolves #98729
Summary
Docs preview: https://kibana_98773.docs-preview.app.elstc.co/guide/en/kibana/master/alerting-troubleshooting.html#rules-long-execution-time
Checklist