From 4538f9889c0bc5dbd761c44feaf21d158056d997 Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Wed, 29 Mar 2023 11:48:12 -0700 Subject: [PATCH] [DOCS] Add alerting known issue (#153905) --- docs/CHANGELOG.asciidoc | 27 ++++++++ .../alerting/rule-types/es-query.asciidoc | 9 ++- .../rule-types/geo-rule-types.asciidoc | 62 ++++++++++++++++++- 3 files changed, 94 insertions(+), 4 deletions(-) diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc index b6488d2eb6f43..8dc5069638118 100644 --- a/docs/CHANGELOG.asciidoc +++ b/docs/CHANGELOG.asciidoc @@ -60,6 +60,12 @@ There are no breaking changes in {kib} 8.6.2. {kibana-ref-all}/8.5/release-notes-8.5.0.html#breaking-changes-8.5.0[8.5.0] | {kibana-ref-all}/8.4/release-notes-8.4.0.html#breaking-changes-8.4.0[8.4.0] | {kibana-ref-all}/8.3/release-notes-8.3.0.html#breaking-changes-8.3.0[8.3.0] | {kibana-ref-all}/8.2/release-notes-8.2.0.html#breaking-changes-8.2.0[8.2.0] | {kibana-ref-all}/8.1/release-notes-8.1.0.html#breaking-changes-8.1.0[8.1.0] | {kibana-ref-all}/8.0/release-notes-8.0.0.html#breaking-changes-8.0.0[8.0.0] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc2.html#breaking-changes-8.0.0-rc2[8.0.0-rc2] | {kibana-ref-all}/8.0/release-notes-8.0.0-rc1.html#breaking-changes-8.0.0-rc1[8.0.0-rc1] | {kibana-ref-all}/8.0/release-notes-8.0.0-beta1.html#breaking-changes-8.0.0-beta1[8.0.0-beta1] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha2.html#breaking-changes-8.0.0-alpha2[8.0.0-alpha2] | {kibana-ref-all}/8.0/release-notes-8.0.0-alpha1.html#breaking-changes-8.0.0-alpha1[8.0.0-alpha1] +[float] +[[known-issues-8.6.2]] +=== Known issues + +include::CHANGELOG.asciidoc[tag=known-issue-153175] + [float] [[enhancement-v8.6.2]] === Enhancements @@ -106,6 +112,12 @@ Omit or include `ssl` keys when appropriate for project monitors and private loc Review the following information about the {kib} 8.6.1 release. +[float] +[[known-issues-8.6.1]] +=== Known issues + +include::CHANGELOG.asciidoc[tag=known-issue-153175] + [float] [[breaking-changes-8.6.1]] === Breaking changes @@ -180,6 +192,19 @@ Review the following information about the {kib} 8.6.0 release. [[known-issues-8.6.0]] === Known issues +// tag::known-issue-153175[] +[discrete] +.Unable to load *{stack-manage-app}* > *{rules-ui}* due to corrupted rule definitions +[%collapsible] +==== +*Details* + +Releases 8.5 and 8.6 have a bug that corrupts rules when you update API keys or manage snooze schedules. In particular, it affects tracking containment rules and {es} query rules with KQL or Lucene query types. Releases 8.7 and beyond do not include this bug (fixed in {kibana-pull}153370[#153370]). + +*Impact* + +This known issue causes "unable to load rules" messages to occur in *{stack-manage-app}* > *{rules-ui}*. To temporarily work around the problem, copy the rule content (params, name, tags, actions) for the problematic rules, delete the rules, then recreate them. For more details, refer to <> and <>. +==== +// end::known-issue-153175[] + [discrete] [[known-issue-146020]] .Attempting to create APM latency threshold rules from the Observability rules page fail @@ -187,6 +212,7 @@ Review the following information about the {kib} 8.6.0 release. ==== *Details* + When you attempt to create an APM latency threshold rule in **Observability** > **Alerts** > **Rules** for all services or all transaction types, the request will fail with a `params invalid` error. + *Impact* + This known issue only impacts the Observability Rules page. To work around this issue, create APM latency threshold rules in the APM Alerts and Rules dialog. See {kibana-ref}/apm-alerts.html[Alerts and rules] for detailed instructions. ==== @@ -199,6 +225,7 @@ This known issue only impacts the Observability Rules page. To work around this When you upgrade to 8.6.0, progress bars on existing *Lens* metric visualizations are hidden. To display progress bars in existing *Lens* metric visualizations: + . Open the main menu, then click *Visualize Library*. . From the *Visualize Library* list, click the metric visualization. . In *Lens*, click the *Primary metric* field in the layer pane. diff --git a/docs/user/alerting/rule-types/es-query.asciidoc b/docs/user/alerting/rule-types/es-query.asciidoc index c838200e637e1..b5e8b5831df26 100644 --- a/docs/user/alerting/rule-types/es-query.asciidoc +++ b/docs/user/alerting/rule-types/es-query.asciidoc @@ -154,4 +154,11 @@ window of 1 hour and checks if there are more than 99 matches for the query. The | `Run 4 (0:03)` | Rule finds 190 matches in the last hour. 71 of them are duplicates that were already alerted on previously, so you actually have 119 matches: `119 > 99` | Rule is active and user is alerted. -|=== \ No newline at end of file +|=== + + +[float] +[[rule-type-es-query-issues]] +=== Known issues + +include::geo-rule-types.asciidoc[tag=known-issue-load-rules] \ No newline at end of file diff --git a/docs/user/alerting/rule-types/geo-rule-types.asciidoc b/docs/user/alerting/rule-types/geo-rule-types.asciidoc index 454c51ad69860..bfc0f43e9ffb3 100644 --- a/docs/user/alerting/rule-types/geo-rule-types.asciidoc +++ b/docs/user/alerting/rule-types/geo-rule-types.asciidoc @@ -1,14 +1,13 @@ -[role="xpack"] [[geo-alerting]] === Tracking containment -<> offers the Tracking containment rule type which runs an {es} query over indices to determine whether any +<> offers the tracking containment rule type which runs an {es} query over indices to determine whether any documents are currently contained within any boundaries from the specified boundary index. In the event that an entity is contained within a boundary, an alert may be generated. [float] ==== Requirements -To create a Tracking containment rule, the following requirements must be present: +To create a tracking containment rule, the following requirements must be present: - *Tracks index or data view*: An index containing a `geo_point` field, `date` field, and some form of entity identifier. An entity identifier is a `keyword` or `number` @@ -58,3 +57,60 @@ is no longer contained. [role="screenshot"] image::user/alerting/images/alert-types-tracking-containment-action-options.png[Five clauses define the condition to detect] + +[float] +[[geo-alerting-issues]] +==== Known issues + +// The following content is reused in other rule types +// tag::known-issue-load-rules[] +There is a known issue in 8.5 and 8.6 that results in corruption of the rule definition when you update API keys or add or remove snooze schedules in *{stack-manage-app}* > *{rules-ui}*. +In particular, this bug affects {es} query rules with the KQL or Lucene query type and tracking containment rules. +As a result of this bug, an "Unable to load rules" error occurs in *{rules-ui}*. + +The long-term solution is to migrate to the latest release; 8.7 and later releases contain the fix for this bug. +If you encounter this bug in {minor-version}, you can recover access to your rules in {kib} by using APIs to delete and recreate them: + +. Find the affected rules. For example, run the following query in *{dev-tools-app}*: ++ +-- +[source,console] +---- +GET .kibana*/_search +{ + "query": { + "bool": { + "filter": [ + { + "terms": { + "alert.alertTypeId": [ + ".es-query", + ".geo-containment" + ] + } + } + ], + "must_not": { + "exists": { + "field": "references" + } + } + } + } +} +---- +-- +. Make a copy of the query output, since you will use it to recreate the rules. +. Delete the affected rules. For example, run the following query in *{dev-tools-app}*, replacing `` with the appropriate rule identifiers: ++ +-- +[source,console] +---- +DELETE kbn:/api/alerting/rule/ +---- +-- +. Recreate the rules. For example, use *{stack-manage-app}* > *{rules-ui}* or the <> with the property values obtained from your query output. + +NOTE: If you update the API keys or add or remove snooze schedules again, the problem will re-occur until you upgrade to a release that contains the fix. + +// end::known-issue-load-rules[]