From 0dabaca508710c578b999a686e6effca77b28d45 Mon Sep 17 00:00:00 2001
From: Walter Rafelsberger
Date: Tue, 1 Aug 2023 18:37:13 +0200
Subject: [PATCH] [ML] AIOps: Adds dip support for log rate analysis in observability alert details page. (#162476)

Adds support for analysing dips for log rate analysis on Observability's alert details page.

- This removes the filter against `Comparator.GT/Comparator.GT_OR_EQ` which hides log rate analysis for log threshold alerts. Instead an `analysisType` is passed on to log rate analysis: When analysing dips the baseline and deviation ranges will be switched for both the analysis and the brush labels on the document count chart.
- Updates all references to "spikes" only in UI text, e.g. the AI Assistant prompt.
---
 .../document_count_chart.tsx | 11 ++-
 .../aiops_utils/src/get_window_parameters.ts | 8 +-
 .../common/api/log_rate_analysis/schema.ts | 2 +-
 x-pack/plugins/aiops/common/constants.ts | 9 +-
 .../document_count_content.tsx | 6 +-
 .../log_rate_analysis_content.tsx | 12 ++-
 .../log_rate_analysis_content_wrapper.tsx | 5 ++
 .../log_rate_analysis_page.tsx | 2 +-
 .../log_rate_analysis_results.tsx | 17 +++-
 x-pack/plugins/aiops/public/index.ts | 2 +
 .../fetch_significant_term_p_values.ts | 7 +-
 .../components/log_rate_analysis.tsx | 87 +++++++++++++------
 .../alert_details_app_section/index.tsx | 4 +-
 ...ke_query.ts => log_rate_analysis_query.ts} | 2 +-
 x-pack/plugins/ml/common/constants/locator.ts | 6 ++
 .../components/ml_page/side_nav.tsx | 2 +-
 .../routes/aiops/log_rate_analysis.tsx | 4 +-
 .../routes/new_job/index_or_search.tsx | 4 +-
 .../translations/translations/fr-FR.json | 2 +-
 .../translations/translations/ja-JP.json | 2 +-
 .../translations/translations/zh-CN.json | 2 +-
 21 files changed, 137 insertions(+), 59 deletions(-)
 rename x-pack/plugins/infra/public/alerting/log_threshold/components/alert_details_app_section/{log_rate_spike_query.ts => log_rate_analysis_query.ts} (97%)
diff --git a/x-pack/packages/ml/aiops_components/src/document_count_chart/document_count_chart.tsx b/x-pack/packages/ml/aiops_components/src/document_count_chart/document_count_chart.tsx index 5b488522d23c7..f20c5311d183a 100644 --- a/x-pack/packages/ml/aiops_components/src/document_count_chart/document_count_chart.tsx +++ b/x-pack/packages/ml/aiops_components/src/document_count_chart/document_count_chart.tsx @@ -20,6 +20,10 @@ import { XYChartElementEvent, XYBrushEvent, } from '@elastic/charts'; +import { + BarStyleAccessor, + RectAnnotationSpec, +} from '@elastic/charts/dist/chart_types/xy_chart/utils/specs'; import { i18n } from '@kbn/i18n'; import { IUiSettingsClient } from '@kbn/core/public'; @@ -27,16 +31,11 @@ import { getSnappedWindowParameters, getWindowParameters } from '@kbn/aiops-util import type { WindowParameters } from '@kbn/aiops-utils'; import { MULTILAYER_TIME_AXIS_STYLE } from '@kbn/charts-plugin/common'; -import { - BarStyleAccessor, - RectAnnotationSpec, -} from '@elastic/charts/dist/chart_types/xy_chart/utils/specs'; - import type { DataPublicPluginStart } from '@kbn/data-plugin/public'; import type { ChartsPluginStart } from '@kbn/charts-plugin/public'; import type { FieldFormatsStart } from '@kbn/field-formats-plugin/public'; -import { BrushBadge } from './brush_badge'; import { DualBrush, DualBrushAnnotation } from '../..'; +import { BrushBadge } from './brush_badge'; declare global { interface Window { diff --git a/x-pack/packages/ml/aiops_utils/src/get_window_parameters.ts b/x-pack/packages/ml/aiops_utils/src/get_window_parameters.ts index 831342b47b986..806d224defdf4 100644 --- a/x-pack/packages/ml/aiops_utils/src/get_window_parameters.ts +++ b/x-pack/packages/ml/aiops_utils/src/get_window_parameters.ts 
@@ -8,7 +8,7 @@ import { isPopulatedObject } from '@kbn/ml-is-populated-object'; /** - * Time range definition for baseline and deviation to be used by spike log analysis. + * Time range definition for baseline and deviation to be used by log rate analysis. * * @export * @interface WindowParameters @@ -54,12 +54,12 @@ export const isWindowParameters = (arg: unknown): arg is WindowParameters => * 2. The historical time window prior to the click to use as a baseline. * * The philosophy here is that charts are displayed with different granularities according to their - * overall time window. We select the log spike and historical time windows inline with the + * overall time window. We select the log deviation and historical time windows inline with the * overall time window. * * The algorithm for doing this is based on the typical granularities that exist in machine data. * - * @param clickTime timestamp of the clicked log rate spike. + * @param clickTime timestamp of the clicked log rate deviation. * @param minTime minimum timestamp of the time window to be analysed * @param maxTime maximum timestamp of the time window to be analysed * @returns WindowParameters @@ -103,7 +103,7 @@ export const getWindowParameters = ( * Converts window paramaters from the brushes to “snap” the brushes to the chart histogram bar width and ensure timestamps * correspond to bucket timestamps * - * @param windowParameters time range definition for baseline and deviation to be used by spike log analysis + * @param windowParameters time range definition for baseline and deviation to be used by log rate analysis * @param snapTimestamps time range definition that always corresponds to histogram bucket timestamps * @returns WindowParameters */ diff --git a/x-pack/plugins/aiops/common/api/log_rate_analysis/schema.ts b/x-pack/plugins/aiops/common/api/log_rate_analysis/schema.ts index b7ff67caf51ed..499b61c5ba5ca 100644 --- a/x-pack/plugins/aiops/common/api/log_rate_analysis/schema.ts 
+++ b/x-pack/plugins/aiops/common/api/log_rate_analysis/schema.ts @@ -19,7 +19,7 @@ export const aiopsLogRateAnalysisSchema = schema.object({ baselineMax: schema.number(), deviationMin: schema.number(), deviationMax: schema.number(), - /** The index to query for log rate spikes */ + /** The index to query for log rate analysis */ index: schema.string(), /** Settings to override headers derived compression and flush fix */ compressResponse: schema.maybe(schema.boolean()), diff --git a/x-pack/plugins/aiops/common/constants.ts b/x-pack/plugins/aiops/common/constants.ts index 38551abe2331c..54df563262999 100644 --- a/x-pack/plugins/aiops/common/constants.ts +++ b/x-pack/plugins/aiops/common/constants.ts @@ -5,7 +5,14 @@ * 2.0. */ -export const SPIKE_ANALYSIS_THRESHOLD = 0.02; +export const LOG_RATE_ANALYSIS_P_VALUE_THRESHOLD = 0.02; + +export const LOG_RATE_ANALYSIS_TYPE = { + SPIKE: 'spike', + DIP: 'dip', +} as const; +export type LogRateAnalysisType = + typeof LOG_RATE_ANALYSIS_TYPE[keyof typeof LOG_RATE_ANALYSIS_TYPE]; // For the technical preview of Log Rate Analysis we use a hard coded seed. // In future versions we might use a user specific seed or let the user costumise it. diff --git a/x-pack/plugins/aiops/public/components/document_count_content/document_count_content/document_count_content.tsx b/x-pack/plugins/aiops/public/components/document_count_content/document_count_content/document_count_content.tsx index cc6e147f5ec00..abb7668384ca9 100644 --- a/x-pack/plugins/aiops/public/components/document_count_content/document_count_content/document_count_content.tsx +++ b/x-pack/plugins/aiops/public/components/document_count_content/document_count_content/document_count_content.tsx 
@@ -8,14 +8,14 @@ import React, { type FC } from 'react'; import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; - -import type { WindowParameters } from '@kbn/aiops-utils'; - import { BarStyleAccessor, RectAnnotationSpec, } from '@elastic/charts/dist/chart_types/xy_chart/utils/specs'; + +import type { WindowParameters } from '@kbn/aiops-utils'; import { DocumentCountChart, type DocumentCountChartPoint } from '@kbn/aiops-components'; + import { useAiopsAppContext } from '../../../hooks/use_aiops_app_context'; import { DocumentCountStats } from '../../../get_document_stats'; diff --git a/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_content/log_rate_analysis_content.tsx b/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_content/log_rate_analysis_content.tsx index ca04bac7d4e23..33180584256df 100644 --- a/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_content/log_rate_analysis_content.tsx +++ b/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_content/log_rate_analysis_content.tsx @@ -18,6 +18,8 @@ import type { Dictionary } from '@kbn/ml-url-state'; import type { WindowParameters } from '@kbn/aiops-utils'; import type { SignificantTerm } from '@kbn/ml-agg-utils'; +import { LOG_RATE_ANALYSIS_TYPE, type LogRateAnalysisType } from '../../../../common/constants'; + import { useData } from '../../../hooks/use_data'; import { DocumentCountContent } from '../../document_count_content/document_count_content'; @@ -46,6 +48,8 @@ export function getDocumentCountStatsSplitLabel( export interface LogRateAnalysisContentProps { /** The data view to analyze. */ dataView: DataView; + /** The type of analysis, whether it's a spike or dip */ + analysisType?: LogRateAnalysisType; setGlobalState?: (params: Dictionary) => void; /** Timestamp for the start of the range for initial analysis */ initialAnalysisStart?: number | WindowParameters; 
@@ -64,6 +68,7 @@ export interface LogRateAnalysisContentProps { export const LogRateAnalysisContent: FC = ({ dataView, + analysisType = LOG_RATE_ANALYSIS_TYPE.SPIKE, setGlobalState, initialAnalysisStart: incomingInitialAnalysisStart, timeRange, @@ -94,7 +99,7 @@ export const LogRateAnalysisContent: FC = ({ const { documentStats, earliest, latest } = useData( dataView, - 'explain_log_rage_spikes', + 'log_rate_analysis', esSearchQuery, setGlobalState, currentSelectedSignificantTerm, @@ -148,6 +153,7 @@ export const LogRateAnalysisContent: FC = ({ {earliest !== undefined && latest !== undefined && windowParameters !== undefined && ( = ({

} @@ -180,7 +186,7 @@ export const LogRateAnalysisContent: FC = ({

} diff --git a/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_content/log_rate_analysis_content_wrapper.tsx b/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_content/log_rate_analysis_content_wrapper.tsx index 1c5db1135d9b3..156bd257bc21c 100644 --- a/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_content/log_rate_analysis_content_wrapper.tsx +++ b/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_content/log_rate_analysis_content_wrapper.tsx @@ -20,6 +20,7 @@ import { DatePickerContextProvider } from '@kbn/ml-date-picker'; import { UI_SETTINGS } from '@kbn/data-plugin/common'; import { toMountPoint, wrapWithTheme } from '@kbn/kibana-react-plugin/public'; +import { LOG_RATE_ANALYSIS_TYPE, type LogRateAnalysisType } from '../../../../common/constants'; import { timeSeriesDataViewWarning } from '../../../application/utils/time_series_dataview_check'; import { AiopsAppContext, type AiopsAppDependencies } from '../../../hooks/use_aiops_app_context'; import { DataSourceContext } from '../../../hooks/use_data_source'; @@ -34,6 +35,8 @@ const localStorage = new Storage(window.localStorage); export interface LogRateAnalysisContentWrapperProps { /** The data view to analyze. */ dataView: DataView; + /** The type of analysis, whether it's a spike or dip */ + analysisType?: LogRateAnalysisType; /** Option to make main histogram sticky */ stickyHistogram?: boolean; /** App dependencies */ @@ -55,6 +58,7 @@ export interface LogRateAnalysisContentWrapperProps { export const LogRateAnalysisContentWrapper: FC = ({ dataView, + analysisType = LOG_RATE_ANALYSIS_TYPE.SPIKE, appDependencies, setGlobalState, initialAnalysisStart, @@ -89,6 +93,7 @@ export const LogRateAnalysisContentWrapper: FC = ({ stickyHistogram }) => { const { timefilter } = useData( dataView, - 'explain_log_rage_spikes', + 'log_rate_analysis', searchQuery, setGlobalState, currentSelectedSignificantTerm, 
diff --git a/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_results.tsx b/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_results.tsx index 43d534e1e1c5c..63c81336cace2 100644 --- a/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_results.tsx +++ b/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_results.tsx @@ -30,6 +30,7 @@ import { FormattedMessage } from '@kbn/i18n-react'; import type { SignificantTerm, SignificantTermGroup } from '@kbn/ml-agg-utils'; import { useAiopsAppContext } from '../../hooks/use_aiops_app_context'; +import { LOG_RATE_ANALYSIS_TYPE, type LogRateAnalysisType } from '../../../common/constants'; import { initialState, streamReducer } from '../../../common/api/stream_reducer'; import type { AiopsApiLogRateAnalysis } from '../../../common/api'; import { @@ -79,6 +80,8 @@ export interface LogRateAnalysisResultsData { interface LogRateAnalysisResultsProps { /** The data view to analyze. */ dataView: DataView; + /** The type of analysis, whether it's a spike or dip */ + analysisType?: LogRateAnalysisType; /** Start timestamp filter */ earliest: number; /** End timestamp filter */ @@ -104,6 +107,7 @@ interface LogRateAnalysisResultsProps { export const LogRateAnalysisResults: FC = ({ dataView, + analysisType = LOG_RATE_ANALYSIS_TYPE.SPIKE, earliest, isBrushCleared, latest, @@ -170,7 +174,16 @@ export const LogRateAnalysisResults: FC = ({ index: dataView.getIndexPattern(), grouping: true, flushFix: true, - ...windowParameters, + // If analysis type is `spike`, pass on window parameters as is, + // if it's `dip`, swap baseline and deviation. + ...(analysisType === LOG_RATE_ANALYSIS_TYPE.SPIKE + ? windowParameters + : { + baselineMin: windowParameters.deviationMin, + baselineMax: windowParameters.deviationMax, + deviationMin: windowParameters.baselineMin, + deviationMax: windowParameters.baselineMax, + }), overrides, sampleProbability, }, 
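Review bot: In the `@@ -170,7 +174,16 @@` hunk the ternary tests `analysisType === LOG_RATE_ANALYSIS_TYPE.SPIKE` and swaps baseline and deviation for every other value, which makes the swap the fallback instead of the explicit case. With today's two-member union that is equivalent, but if a third analysis type is ever added the request would go out with inverted windows and no type error. Testing for the dip instead, `...(analysisType === LOG_RATE_ANALYSIS_TYPE.DIP ? { /* swapped ranges */ } : windowParameters)`, keeps the pass-through as the default. The commit message says the brush labels are switched as well; that code is not visible in this hunk, so if the swap is written out a second time there, a single shared helper would keep the chart and the request from drifting apart.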
@@ -384,7 +397,7 @@ export const LogRateAnalysisResults: FC = ({

} diff --git a/x-pack/plugins/aiops/public/index.ts b/x-pack/plugins/aiops/public/index.ts index 4c9cfb19c9daa..9105d00302c5a 100755 --- a/x-pack/plugins/aiops/public/index.ts +++ b/x-pack/plugins/aiops/public/index.ts @@ -13,6 +13,8 @@ export function plugin() { return new AiopsPlugin(); } +export { LOG_RATE_ANALYSIS_TYPE, type LogRateAnalysisType } from '../common/constants'; + export type { AiopsAppDependencies } from './hooks/use_aiops_app_context'; export type { LogRateAnalysisAppStateProps } from './components/log_rate_analysis'; export type { LogCategorizationAppStateProps } from './components/log_categorization'; diff --git a/x-pack/plugins/aiops/server/routes/queries/fetch_significant_term_p_values.ts b/x-pack/plugins/aiops/server/routes/queries/fetch_significant_term_p_values.ts index 2fc91e9b49104..9aa26c5d12ec9 100644 --- a/x-pack/plugins/aiops/server/routes/queries/fetch_significant_term_p_values.ts +++ b/x-pack/plugins/aiops/server/routes/queries/fetch_significant_term_p_values.ts @@ -15,7 +15,10 @@ import { type RandomSamplerWrapper, } from '@kbn/ml-random-sampler-utils'; -import { SPIKE_ANALYSIS_THRESHOLD, RANDOM_SAMPLER_SEED } from '../../../common/constants'; +import { + LOG_RATE_ANALYSIS_P_VALUE_THRESHOLD, + RANDOM_SAMPLER_SEED, +} from '../../../common/constants'; import type { AiopsLogRateAnalysisSchema } from '../../../common/api/log_rate_analysis'; import { isRequestAbortedError } from '../../lib/is_request_aborted_error'; @@ -171,7 +174,7 @@ export const fetchSignificantTermPValues = async ( 0.25 * Math.min(Math.max((bucket.score - 6.908) / 6.908, 0), 1) + 0.25 * Math.min(Math.max((bucket.score - 13.816) / 101.314, 0), 1); - if (typeof pValue === 'number' && pValue < SPIKE_ANALYSIS_THRESHOLD) { + if (typeof pValue === 'number' && pValue < LOG_RATE_ANALYSIS_P_VALUE_THRESHOLD) { result.push({ fieldName, fieldValue: String(bucket.key), 
diff --git a/x-pack/plugins/infra/public/alerting/log_threshold/components/alert_details_app_section/components/log_rate_analysis.tsx b/x-pack/plugins/infra/public/alerting/log_threshold/components/alert_details_app_section/components/log_rate_analysis.tsx index 7d2bcdbd83dd3..66d26dc836cf1 100644 --- a/x-pack/plugins/infra/public/alerting/log_threshold/components/alert_details_app_section/components/log_rate_analysis.tsx +++ b/x-pack/plugins/infra/public/alerting/log_threshold/components/alert_details_app_section/components/log_rate_analysis.tsx @@ -13,7 +13,12 @@ import { EuiFlexGroup, EuiFlexItem, EuiPanel, EuiTitle } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n-react'; import { DataView } from '@kbn/data-views-plugin/common'; -import { LogRateAnalysisContent, type LogRateAnalysisResultsData } from '@kbn/aiops-plugin/public'; +import { + LogRateAnalysisContent, + LOG_RATE_ANALYSIS_TYPE, + type LogRateAnalysisResultsData, + type LogRateAnalysisType, +} from '@kbn/aiops-plugin/public'; import { Rule } from '@kbn/alerting-plugin/common'; import { TopAlert } from '@kbn/observability-plugin/public'; import { @@ -35,7 +40,7 @@ import { ruleParamsRT, } from '../../../../../../common/alerting/logs/log_threshold'; import { decodeOrThrow } from '../../../../../../common/runtime_types'; -import { getESQueryForLogSpike } from '../log_rate_spike_query'; +import { getESQueryForLogRateAnalysis } from '../log_rate_analysis_query'; export interface AlertDetailsLogRateAnalysisSectionProps { rule: Rule; 
@@ -54,14 +59,19 @@ export const LogRateAnalysis: FC = ({ r const { dataViews, logsShared } = services; const [dataView, setDataView] = useState(); const [esSearchQuery, setEsSearchQuery] = useState(); - const [logSpikeParams, setLogSpikeParams] = useState< + const [logRateAnalysisParams, setLogRateAnalysisParams] = useState< { significantFieldValues: SignificantFieldValue[] } | undefined >(); + const [logRateAnalysisType, setLogRateAnalysisType] = useState( + undefined + ); + + const validatedParams = useMemo(() => decodeOrThrow(ruleParamsRT)(rule.params), [rule]); useEffect(() => { const getDataView = async () => { const { timestampField, dataViewReference } = - await logsShared.logViews.client.getResolvedLogView(rule.params.logView); + await logsShared.logViews.client.getResolvedLogView(validatedParams.logView); if (dataViewReference.id) { const logDataView = await dataViews.get(dataViewReference.id); @@ -71,11 +81,11 @@ export const LogRateAnalysis: FC = ({ r }; const getQuery = (timestampField: string) => { - const esSearchRequest = getESQueryForLogSpike( + const esSearchRequest = getESQueryForLogRateAnalysis( validatedParams as CountRuleParams, timestampField, alert, - rule.params.groupBy + validatedParams.groupBy ) as QueryDslQueryContainer; if (esSearchRequest) { 
@@ -83,16 +93,23 @@ export const LogRateAnalysis: FC = ({ r } }; - const validatedParams = decodeOrThrow(ruleParamsRT)(rule.params); - - if ( - !isRatioRuleParams(validatedParams) && - (validatedParams.count.comparator === Comparator.GT || - validatedParams.count.comparator === Comparator.GT_OR_EQ) - ) { + if (!isRatioRuleParams(validatedParams)) { getDataView(); + + switch (validatedParams.count.comparator) { + case Comparator.GT: + case Comparator.GT_OR_EQ: + setLogRateAnalysisType(LOG_RATE_ANALYSIS_TYPE.SPIKE); + break; + case Comparator.LT: + case Comparator.LT_OR_EQ: + setLogRateAnalysisType(LOG_RATE_ANALYSIS_TYPE.DIP); + break; + default: + setLogRateAnalysisType(undefined); + } } - }, [rule, alert, dataViews, logsShared]); + }, [validatedParams, alert, dataViews, logsShared]); // Identify `intervalFactor` to adjust time ranges based on alert settings. // The default time ranges for `initialAnalysisStart` are suitable for a `1m` lookback. @@ -153,8 +170,8 @@ export const LogRateAnalysis: FC = ({ r deviationMax: getDeviationMax(), }; - const explainLogSpikeTitle = i18n.translate( - 'xpack.infra.logs.alertDetails.explainLogSpikeTitle', + const logRateAnalysisTitle = i18n.translate( + 'xpack.infra.logs.alertDetails.logRateAnalysisTitle', { defaultMessage: 'Possible causes and remediations', } 
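Review bot: The `default:` branch of the new switch sets the analysis type to `undefined`, but `getDataView()` has already been called above it, so for a count rule whose comparator is none of the four listed the section presumably still renders once the data view and query are set. In that state `LogRateAnalysisContent` falls back to its `LOG_RATE_ANALYSIS_TYPE.SPIKE` default, and the prompt built in the `@@ -171,33 +188,48 @@` hunk interpolates `${logRateAnalysisType}` as the text "undefined" and takes the dip side of each ternary. Either call `getDataView()` only inside the four recognised cases, or extend the guards to `if (!hasLogRateAnalysisParams || !logRateAnalysisType) return undefined;` and `if (!dataView || !esSearchQuery || !logRateAnalysisType) return null;`. The effect body begins outside this hunk.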
@@ -171,33 +188,48 @@ export const LogRateAnalysis: FC = ({ r ['pValue', 'docCount'], ['asc', 'asc'] ).slice(0, 50); - setLogSpikeParams(significantFieldValues ? { significantFieldValues } : undefined); + setLogRateAnalysisParams(significantFieldValues ? { significantFieldValues } : undefined); }; const aiAssistant = useObservabilityAIAssistant(); const messages = useMemo(() => { - const hasLogSpikeParams = logSpikeParams && logSpikeParams.significantFieldValues?.length > 0; - if (!hasLogSpikeParams) { + const hasLogRateAnalysisParams = + logRateAnalysisParams && logRateAnalysisParams.significantFieldValues?.length > 0; + + if (!hasLogRateAnalysisParams) { return undefined; } + const header = 'Field name,Field value,Doc count,p-value'; - const rows = logSpikeParams.significantFieldValues + const rows = logRateAnalysisParams.significantFieldValues .map((item) => Object.values(item).join(',')) .join('\n'); - const content = `You are an observability expert using Elastic Observability Suite on call being consulted about a log threshold alert that got triggered by a spike of log messages. Your job is to take immediate action and proceed with both urgency and precision. - "Log Rate Analysis" is an AIOps feature that uses advanced statistical methods to identify reasons for increases in log rates. It makes it easy to find and investigate causes of unusual spikes by using the analysis workflow view. + const content = `You are an observability expert using Elastic Observability Suite on call being consulted about a log threshold alert that got triggered by a ${logRateAnalysisType} in log messages. Your job is to take immediate action and proceed with both urgency and precision. + "Log Rate Analysis" is an AIOps feature that uses advanced statistical methods to identify reasons for increases and decreases in log rates. It makes it easy to find and investigate causes of unusual spikes or dips by using the analysis workflow view. 
You are using "Log Rate Analysis" and ran the statistical analysis on the log messages which occured during the alert. - You received the following analysis results from "Log Rate Analysis" which list statistically significant co-occuring field/value combinations sorted from most significant (lower p-values) to least significant (higher p-values) that contribute to the log messages spike: + You received the following analysis results from "Log Rate Analysis" which list statistically significant co-occuring field/value combinations sorted from most significant (lower p-values) to least significant (higher p-values) that ${ + logRateAnalysisType === 'spike' + ? 'contribute to the log rate spike' + : 'are less or not present in the log rate dip' + }: ${header} ${rows} Based on the above analysis results and your observability expert knowledge, output the following: Analyse the type of these logs and explain their usual purpose (1 paragraph). - Based on the type of these logs do a root cause analysis on why the field and value combinations from the anlaysis results are causing this spike in logs (2 parapraphs). - Recommend concrete remediations to resolve the root cause (3 bullet points). + ${ + logRateAnalysisType === 'spike' + ? 'Based on the type of these logs do a root cause analysis on why the field and value combinations from the analysis results are causing this log rate spike (2 parapraphs)' + : 'Based on the type of these logs do a concise analysis why the statistically significant field and value combinations are less present or missing from the log rate dip with concrete examples based on the analysis results data. Do not guess, just output what you are sure of (2 paragraphs)' + }. + ${ + logRateAnalysisType === 'spike' + ? 'Recommend concrete remediations to resolve the root cause (3 bullet points).' + : '' + } Do not repeat the given instructions in your output.`; const now = new Date().toString(); 
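Review bot: `rows` is built with `Object.values(item).join(',')` and pasted straight into the assistant prompt, so field values that presumably come from the analysed log documents reach the model unquoted and undelimited. A value containing a comma or a newline breaks the CSV table, and because log content is written by whatever produced the logs, text inside a field value can be read by the model as part of the instructions instead of as data. Quote each cell, for example `.map((item) => Object.values(item).map((v) => JSON.stringify(String(v))).join(','))`, and state in the prompt that the table is data to be analysed, not instructions to follow. The new ternaries also compare against the literal `'spike'`; `LOG_RATE_ANALYSIS_TYPE.SPIKE` is already imported in this file and would keep the prompt in step with the constant. The `messages` memo closes outside this hunk.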
@@ -219,7 +251,7 @@ export const LogRateAnalysis: FC = ({ r }, }, ]; - }, [logSpikeParams]); + }, [logRateAnalysisParams, logRateAnalysisType]); if (!dataView || !esSearchQuery) return null; @@ -239,6 +271,7 @@ export const LogRateAnalysis: FC = ({ r = ({ r {aiAssistant.isEnabled() && messages ? ( - + ) : null} diff --git a/x-pack/plugins/infra/public/alerting/log_threshold/components/alert_details_app_section/index.tsx b/x-pack/plugins/infra/public/alerting/log_threshold/components/alert_details_app_section/index.tsx index 176d8acb61f25..15b30ab3b79cf 100644 --- a/x-pack/plugins/infra/public/alerting/log_threshold/components/alert_details_app_section/index.tsx +++ b/x-pack/plugins/infra/public/alerting/log_threshold/components/alert_details_app_section/index.tsx @@ -70,7 +70,7 @@ const AlertDetailsAppSection = ({ }); const { hasAtLeast } = useLicense(); - const hasLicenseForExplainLogSpike = hasAtLeast('platinum'); + const hasLicenseForLogRateAnalysis = hasAtLeast('platinum'); useEffect(() => { /** @@ -238,7 +238,7 @@ const AlertDetailsAppSection = ({ }; const getLogRateAnalysisSection = () => { - return hasLicenseForExplainLogSpike ? : null; + return hasLicenseForLogRateAnalysis ? : null; }; return ( diff --git a/x-pack/plugins/infra/public/alerting/log_threshold/components/alert_details_app_section/log_rate_spike_query.ts b/x-pack/plugins/infra/public/alerting/log_threshold/components/alert_details_app_section/log_rate_analysis_query.ts similarity index 97% rename from x-pack/plugins/infra/public/alerting/log_threshold/components/alert_details_app_section/log_rate_spike_query.ts rename to x-pack/plugins/infra/public/alerting/log_threshold/components/alert_details_app_section/log_rate_analysis_query.ts index 535bcb8e981ac..382af37442121 100644 --- a/x-pack/plugins/infra/public/alerting/log_threshold/components/alert_details_app_section/log_rate_spike_query.ts 
+++ b/x-pack/plugins/infra/public/alerting/log_threshold/components/alert_details_app_section/log_rate_analysis_query.ts @@ -11,7 +11,7 @@ import { get } from 'lodash'; import { RuleParams, CountCriteria } from '../../../../../common/alerting/logs/log_threshold'; import { buildFiltersFromCriteria } from '../../../../../common/alerting/logs/log_threshold/query_helpers'; -export const getESQueryForLogSpike = ( +export const getESQueryForLogRateAnalysis = ( params: Pick & { criteria: CountCriteria }, timestampField: string, alert: TopAlert>, diff --git a/x-pack/plugins/ml/common/constants/locator.ts b/x-pack/plugins/ml/common/constants/locator.ts index 265366a33ce41..8f3b0ac23ee29 100644 --- a/x-pack/plugins/ml/common/constants/locator.ts +++ b/x-pack/plugins/ml/common/constants/locator.ts @@ -66,7 +66,13 @@ export const ML_PAGES = { OVERVIEW: 'overview', NOTIFICATIONS: 'notifications', AIOPS: 'aiops', + /** + * @deprecated since 8.10, kept here to redirect old bookmarks. + */ AIOPS_EXPLAIN_LOG_RATE_SPIKES: 'aiops/explain_log_rate_spikes', + /** + * @deprecated since 8.10, kept here to redirect old bookmarks. + */ AIOPS_EXPLAIN_LOG_RATE_SPIKES_INDEX_SELECT: 'aiops/explain_log_rate_spikes_index_select', AIOPS_LOG_RATE_ANALYSIS: 'aiops/log_rate_analysis', AIOPS_LOG_RATE_ANALYSIS_INDEX_SELECT: 'aiops/log_rate_analysis_index_select', diff --git a/x-pack/plugins/ml/public/application/components/ml_page/side_nav.tsx b/x-pack/plugins/ml/public/application/components/ml_page/side_nav.tsx index a74dd6d061aad..94b58758135c6 100644 --- a/x-pack/plugins/ml/public/application/components/ml_page/side_nav.tsx +++ b/x-pack/plugins/ml/public/application/components/ml_page/side_nav.tsx 
@@ -255,7 +255,7 @@ export function useSideNavItems(activeRoute: MlRoute | undefined) { disabled: disableLinks, items: [ { - id: 'explainlogratespikes', + id: 'logRateAnalysis', pathId: ML_PAGES.AIOPS_LOG_RATE_ANALYSIS_INDEX_SELECT, name: i18n.translate('xpack.ml.navMenu.logRateAnalysisLinkText', { defaultMessage: 'Log Rate Analysis', diff --git a/x-pack/plugins/ml/public/application/routing/routes/aiops/log_rate_analysis.tsx b/x-pack/plugins/ml/public/application/routing/routes/aiops/log_rate_analysis.tsx index 183279bbf1007..b4e21cf0da7c4 100644 --- a/x-pack/plugins/ml/public/application/routing/routes/aiops/log_rate_analysis.tsx +++ b/x-pack/plugins/ml/public/application/routing/routes/aiops/log_rate_analysis.tsx @@ -37,7 +37,9 @@ export const logRateAnalysisRouteFactory = ( ], }); -// Deprecated since 8.10, kept here to redirect old bookmarks. +/** + * @deprecated since 8.10, kept here to redirect old bookmarks. + */ export const explainLogRateSpikesRouteFactory = (): MlRoute => ({ path: createPath(ML_PAGES.AIOPS_EXPLAIN_LOG_RATE_SPIKES), render: () => , diff --git a/x-pack/plugins/ml/public/application/routing/routes/new_job/index_or_search.tsx b/x-pack/plugins/ml/public/application/routing/routes/new_job/index_or_search.tsx index 087b1d7ccb35c..bc93f13f01a70 100644 --- a/x-pack/plugins/ml/public/application/routing/routes/new_job/index_or_search.tsx +++ b/x-pack/plugins/ml/public/application/routing/routes/new_job/index_or_search.tsx @@ -135,7 +135,9 @@ export const logRateAnalysisIndexOrSearchRouteFactory = ( breadcrumbs: getLogRateAnalysisBreadcrumbs(navigateToPath, basePath), }); -// Deprecated since 8.10, kept here to redirect old bookmarks. +/** + * @deprecated since 8.10, kept here to redirect old bookmarks. + */ export const explainLogRateSpikesIndexOrSearchRouteFactory = (): MlRoute => ({ path: createPath(ML_PAGES.AIOPS_EXPLAIN_LOG_RATE_SPIKES_INDEX_SELECT), render: () => , 
diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index 2bfd66b6756df..65949e888bd22 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json @@ -19012,7 +19012,7 @@ "xpack.infra.logs.alertDetails.chartHistory.avgTimeToRecover": "Temps moyen de récupération", "xpack.infra.logs.alertDetails.chartHistory.chartTitle": "Historique des alertes de seuil de logs", "xpack.infra.logs.alertDetails.chartHistory.last30days": "30 derniers jours", - "xpack.infra.logs.alertDetails.explainLogSpikeTitle": "Causes possibles et résolutions", + "xpack.infra.logs.alertDetails.logRateAnalysisTitle": "Causes possibles et résolutions", "xpack.infra.logs.alertDropdown.inlineLogViewCreateAlertContent": "La création d'alertes n'est pas prise en charge avec les vues de log en ligne.", "xpack.infra.logs.alertDropdown.inlineLogViewCreateAlertTitle": "Vue de log en ligne", "xpack.infra.logs.alertDropdown.readOnlyCreateAlertContent": "La création d'alertes nécessite plus d'autorisations dans cette application.", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 7c971d677a2c0..86b9c1314720c 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json 
@@ -19026,7 +19026,7 @@ "xpack.infra.logs.alertDetails.chartHistory.avgTimeToRecover": "回復までの平均時間", "xpack.infra.logs.alertDetails.chartHistory.chartTitle": "ログしきい値アラート履歴", "xpack.infra.logs.alertDetails.chartHistory.last30days": "過去30日間", - "xpack.infra.logs.alertDetails.explainLogSpikeTitle": "考えられる原因と修正方法", + "xpack.infra.logs.alertDetails.logRateAnalysisTitle": "考えられる原因と修正方法", "xpack.infra.logs.alertDropdown.inlineLogViewCreateAlertContent": "インラインログビューではアラートの作成がサポートされていません", "xpack.infra.logs.alertDropdown.inlineLogViewCreateAlertTitle": "インラインログビュー", "xpack.infra.logs.alertDropdown.readOnlyCreateAlertContent": "アラートを作成するには、このアプリケーションで上位のアクセス権が必要です。", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 89d1168bfd513..0d6c2e04f829b 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -19026,7 +19026,7 @@ "xpack.infra.logs.alertDetails.chartHistory.avgTimeToRecover": "恢复的平均时间", "xpack.infra.logs.alertDetails.chartHistory.chartTitle": "日志阈值告警历史记录", "xpack.infra.logs.alertDetails.chartHistory.last30days": "过去 30 天", - "xpack.infra.logs.alertDetails.explainLogSpikeTitle": "可能的原因和补救措施", + "xpack.infra.logs.alertDetails.logRateAnalysisTitle": "可能的原因和补救措施", "xpack.infra.logs.alertDropdown.inlineLogViewCreateAlertContent": "不支持通过内联日志视图创建告警", "xpack.infra.logs.alertDropdown.inlineLogViewCreateAlertTitle": "内联日志视图", "xpack.infra.logs.alertDropdown.readOnlyCreateAlertContent": "要创建告警,在此应用程序中需要更多权限。",