New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ResponseOps] Add config to control maximum "for the last" / window allowed #153723
Comments
Pinging @elastic/response-ops (Team:ResponseOps) |
I suspect you mean "minimum interval" and not "maximum interval". You're trying to prevent people from creating rules that would run every 1 second (for example), correct? Also, there is no screenshot attached. We have a configuration settings see: https://www.elastic.co/guide/en/kibana/current/alert-action-settings-kb.html#alert-settings These settings were adding in version 8.2.
|
Since I suspect this answers your question, I'm going to go ahead and close this issue. If it doesn't answer your question, feel free to re-open, and add additional detail. |
Hi @pmuellr I think i have used wrong terminology which made this confusion. I m referring to maximum timeframe user can select, not minimum schedule interval. Admin need control that User should not select more than "last x minutes/hours" (pls refer screenshot) Eg) Admin wants user to select not more than last 4h while configuring the rules. But, if a user try to configure alert if xyz condition for last 6h. If Kibana has a config that does not allow user to select last 6hours because maximum timeframe a user can configure is 4h. |
Ah, I'll re-open the issue; I already change the title to reflect this. This will be slightly interesting because I think most rules do have a "for the last" / "window" / "look back" argument, controlling how far they "look back" when running queries. But it's not a standardized field at the rule level; these sort of fields are defined by the rule type. So, I can imagine having a "general" config option controlling the maximum value here, but each rule will need to add their own checks for this, as part of their validation. Some cat-herding will be needed to make sure we get all the rules modified once we do this. |
Add a option or config for admin to control maximum interval allowed by a user to check for last X (minute/hour/days) to avoid cluster overload.
(last 5 minute / last 30 minutes) in screenshot for ref
The text was updated successfully, but these errors were encountered: