Description
The alerts details page for Observability rules now provides information on related dashboards, investigation guides, and related alerts. We should doc what these are and how they work, for example, how are related alerts determined?
Resources
Related alerts
Issue: elastic/kibana#214372
PR: elastic/kibana#215673
Related alerts are determined by relevance to the current alert based on groups, tags, alert start and end time. Alerts are checked for each of these heuristics and a score is generated based on how closely these fields match. Any alerts with a score below 1.5 are excluded from the results. Related alerts are sorted by score (high to low).
First, alerts are filtered to only include alerts triggered between the current alert's start time +/- 1 day.
Then, alerts are scored based on the following criteria and in the following order (more relevant to less relevant as you go through the list below).
- alerts that triggered more closely to current alert's start time
- alerts that recovered more closely to current alert's end time
- jaccard similarity between group values
- jaccard similarity between rule tags
- alerts of same status as current alert
- other alerts of same rule id
The Relation column in the related alerts tab will show if the alert is related by matching groups, tags or current rule.
On the "Related alerts" tab, an additional filter can be applied to narrow down alerts to those triggered between the current alert's start time +/- 30 minutes using the "Triggered around the same time" filter.
Linked dashboards
Users can link dashboards when configuring a rule. The linked dashboards will be shown in the "Related dashboards" tab on the alert details page for all alerts of that rule. When the user navigates to the dashboard, the dashboard will be filtered to +/- 30 minutes of the alert start time.
Issue: elastic/kibana#209044
PR: elastic/kibana#219019
Suggested dashboards
On the alert details page of a Custom threshold rule, we display a list of at most 10 suggested dashboards, which users can navigate to and/or promote to linked dashboards (which will apply to all alerts of that rule).
Suggested dashboards are determined based on these heuristics. We plan to improve the heuristics in the future to find more relevant dashboards.
- Dashboards with lens visualizations that query against the same data view as the rule
- Dashboards with lens visualizations that use some of the same fields as used in rule configuration or alert data
Issue: elastic/kibana#221947
PR: elastic/kibana#223424, elastic/kibana#213287, elastic/kibana#217747
Investigation guide
Users can add their investigation guide in the form of markdown when configuring a rule. This investigation guide will be shown in a separate tab on the alert details page for all alerts of that rule.
Issue: elastic/kibana#213024
PR: elastic/kibana#217106
Which documentation set does this change impact?
Elastic On-Prem and Cloud (all)
Feature differences
No differences
What release is this request related to?
8.19
Serverless release
Already released
Collaboration model
The documentation team
Point of contact.
Main contact: @benakansara
Stakeholders: TBD
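
The related-alerts inputs described in the issue above (the +/- 1 day candidate window, the +/- 30 minute "Triggered around the same time" filter, and Jaccard similarity over group values and rule tags), as an added example that is not Kibana's code. The alert field names and the way the relation labels are derived are assumptions; the per-criterion weights behind the 1.5 cutoff are not given in the issue, so no combined score is computed.

```typescript
// Added illustration. Field names are assumptions, not Kibana's alert schema.
interface AlertDoc { id: string; ruleId: string; start: string; groups: string[]; tags: string[]; }
interface Candidate { id: string; groupSim: number; tagSim: number; relation: string[]; sameTime: boolean; }

const DAY_MS = 24 * 60 * 60 * 1000;   // candidate window: start time +/- 1 day
const HALF_HOUR_MS = 30 * 60 * 1000;  // "Triggered around the same time": +/- 30 minutes

function unique(values: string[]): string[] {
  return values.filter((v, i) => values.indexOf(v) === i);
}

// Jaccard similarity |A ∩ B| / |A ∪ B|; two empty sets score 0 here.
function jaccard(a: string[], b: string[]): number {
  const ua = unique(a);
  const ub = unique(b);
  const shared = ua.filter((v) => ub.indexOf(v) !== -1).length;
  const union = ua.length + ub.length - shared;
  return union === 0 ? 0 : shared / union;
}

function startedWithin(current: AlertDoc, other: AlertDoc, windowMs: number): boolean {
  return Math.abs(Date.parse(other.start) - Date.parse(current.start)) <= windowMs;
}

// Keeps alerts inside the +/- 1 day window and reports each similarity input.
function relatedCandidates(current: AlertDoc, alerts: AlertDoc[]): Candidate[] {
  return alerts
    .filter((a) => a.id !== current.id && startedWithin(current, a, DAY_MS))
    .map((a) => {
      const groupSim = jaccard(current.groups, a.groups);
      const tagSim = jaccard(current.tags, a.tags);
      const relation: string[] = []; // assumed derivation of the Relation column
      if (groupSim > 0) relation.push('groups');
      if (tagSim > 0) relation.push('tags');
      if (a.ruleId === current.ruleId) relation.push('rule');
      return { id: a.id, groupSim, tagSim, relation, sameTime: startedWithin(current, a, HALF_HOUR_MS) };
    });
}

// Constructed sample alerts (not real data).
const currentAlert: AlertDoc = { id: 'a1', ruleId: 'r1', start: '2025-05-01T12:00:00Z', groups: ['host-1', 'prod'], tags: ['infra', 'cpu'] };
const sampleAlerts: AlertDoc[] = [
  currentAlert,
  { id: 'a2', ruleId: 'r1', start: '2025-05-01T12:10:00Z', groups: ['host-1', 'staging'], tags: ['infra', 'cpu'] },
  { id: 'a3', ruleId: 'r2', start: '2025-05-01T20:00:00Z', groups: ['host-9'], tags: ['infra'] },
  { id: 'a4', ruleId: 'r1', start: '2025-05-03T12:00:00Z', groups: ['host-1', 'prod'], tags: ['infra', 'cpu'] },
];
console.log(relatedCandidates(currentAlert, sampleAlerts));
```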