[Alerting] Editing stack rules should provide warning if fields have unexpected mapping #95523
Labels
estimate:small
Small Estimated Level of Effort
Feature:Alerting/RuleTypes
Issues related to specific Alerting Rules Types
Feature:Alerting
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
UX
As part of this investigation, we have determined that the stack rules UI for index threshold and es query handle index pattern changes gracefully, perhaps a little too gracefully?
The UI filters out the fields available for the rule params based on mapping type, so only
date
type fields are shown in thetimestamp
selection, onlynumeric
fields are shown in the metric agg selection, onlykeyword
fields are shown in the group by selection. If after creating a rule, the mapping for a selected type changes (either deleted or changed to a different type), and you edit the rule type, there is no indication that the field you originally selected for the rule has changed or is missing. It is only if you want to change the field that you might (or might not) notice that the original field you selected is missing from the dropdown.It might be helpful to provide some sort of warning when editing if the field you originally selected for the rule is no longer valid.
The text was updated successfully, but these errors were encountered: