Add groupByKeys context to recovered alerts for Log Threshold Rule and Metric Threshold Rule #146874

@benakansara benakansara commented Dec 2, 2022

Summary

Closes #146349, #146347

With this PR, it is possible to use `groupByKeys` context variable for `Recovered` action template when creating Log threshold and Metric threshold rules. Previously this context variable was available, but was not set for `recovered` alerts.

When a Log/Metric Threshold rule is created with one or more `group by`, for example, `agent.hostname` and `container.id`, the `context.groupByKeys` variable will have an object of group by keys as below:

```
{
  "agent": {
      "hostname": "host-01"
  },
  "container": {
      "id": "container-01"
  }
}
```

@benakansara benakansara added backport:skip This commit does not require backporting release_note:feature Makes this part of the condensed release notes Team: Actionable Observability - DEPRECATED For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge" v8.7.0 labels Dec 2, 2022
@benakansara benakansara changed the title added groupbykeys context to recovered alerts Add groupByKeys context to recovered alerts for Log Threshold Rule and Metric Threshold Rule Dec 2, 2022
@benakansara benakansara marked this pull request as ready for review December 2, 2022 20:14
@benakansara benakansara requested a review from a team as a code owner December 2, 2022 20:14
@elasticmachine

Pinging @elastic/actionable-observability (Team: Actionable Observability)

@benakansara benakansara requested a review from a team December 7, 2022 03:37

@fkanout fkanout left a comment

LGTM

@@ -935,6 +940,7 @@ const processRecoveredAlerts = ({
const baseContext = {
alertDetailsUrl: getAlertDetailsUrl(basePath, spaceId, alertUuid),
group: hasGroupBy(validatedParams) ? recoveredAlertId : null,
groupByKeys: groupByKeysObjectForRecovered[recoveredAlertId],
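Review bot: `groupByKeys` on the added line is read straight from `groupByKeysObjectForRecovered[recoveredAlertId]`, without the `hasGroupBy(validatedParams)` guard that `group` gets on the line above. When the map has no entry for that id, the context carries `undefined` where `group` carries `null`, so a Recovered action template has to handle two different empty values. Consider `hasGroupBy(validatedParams) ? groupByKeysObjectForRecovered[recoveredAlertId] : null`, and add a unit test that asserts the generated recovered context.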
Member

Just out of curiosity: Do we have a test to check what is generated in the context?

Contributor Author

I don't believe we have tests to check context of recovered alerts. I will add this in a separate PR.
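
The context shape from the PR summary and the kind of check asked about in this thread, as an added example that is not part of the PR or Kibana's code. The function names, the comma-joined alert id and the use of a `Map` are assumptions made for illustration; the sketch also rejects field names that would reach the prototype chain while the nested object is built.

```javascript
// Added example; helper names are hypothetical, not Kibana's own code.
const FORBIDDEN_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// Build the nested groupByKeys object from dotted group-by field names and
// the values of one alert group (same order as the fields).
function buildGroupByKeys(groupByFields, values) {
  if (groupByFields.length !== values.length) {
    throw new Error('group-by fields and values differ in length');
  }
  const root = Object.create(null); // no prototype to pollute or inherit from
  groupByFields.forEach((field, i) => {
    const segments = field.split('.');
    if (segments.some((s) => s === '' || FORBIDDEN_SEGMENTS.has(s))) {
      throw new Error(`unsafe group-by field: ${field}`);
    }
    let node = root;
    for (const segment of segments.slice(0, -1)) {
      if (typeof node[segment] !== 'object' || node[segment] === null) {
        node[segment] = Object.create(null);
      }
      node = node[segment];
    }
    node[segments[segments.length - 1]] = values[i];
  });
  return root;
}

// Context for one recovered alert. keysByAlertId is a Map because alert ids
// come from data values; a plain-object lookup could hit inherited properties.
function recoveredContext(groupByFields, keysByAlertId, recoveredAlertId) {
  const grouped = groupByFields.length > 0;
  return {
    group: grouped ? recoveredAlertId : null,
    groupByKeys: grouped ? (keysByAlertId.get(recoveredAlertId) ?? null) : null,
  };
}

// Constructed sample data matching the shape shown in the PR description.
const fields = ['agent.hostname', 'container.id'];
const keysByAlertId = new Map([
  ['host-01,container-01', buildGroupByKeys(fields, ['host-01', 'container-01'])],
]);
const ctx = recoveredContext(fields, keysByAlertId, 'host-01,container-01');
console.log(JSON.stringify(ctx, null, 2));
```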

@benakansara benakansara enabled auto-merge (squash) December 12, 2022 06:34
@kibana-ci

💚 Build Succeeded

Metrics [docs]

Unknown metric groups

ESLint disabled in files

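| id | before | after | diff |
| --- | --- | --- | --- |
| osquery | 1 | 2 | +1 |

ESLint disabled line counts

| id | before | after | diff |
| --- | --- | --- | --- |
| enterpriseSearch | 19 | 21 | +2 |
| fleet | 60 | 66 | +6 |
| osquery | 109 | 115 | +6 |
| securitySolution | 445 | 451 | +6 |
| total | | | +20 |

Total ESLint disabled count

| id | before | after | diff |
| --- | --- | --- | --- |
| enterpriseSearch | 20 | 22 | +2 |
| fleet | 69 | 75 | +6 |
| osquery | 110 | 117 | +7 |
| securitySolution | 521 | 527 | +6 |
| total | | | +21 |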

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@benakansara benakansara merged commit 567de2d into elastic:main Dec 12, 2022
saarikabhasi pushed a commit to saarikabhasi/kibana that referenced this pull request Dec 14, 2022
…d Metric Threshold Rule (elastic#146874)

## Summary

Closes elastic#146349,
elastic#146347

With this PR, it is possible to use `groupByKeys` context variable for
`Recovered` action template when creating Log threshold and Metric
threshold rules. Previously this context variable was available, but was
not set for `recovered` alerts.

When a Log/Metric Threshold rule is created with one or more `group by`,
for example, `agent.hostname` and `container.id`, the
`context.groupByKeys` variable will have an object of group by keys as
below:

```
{
  "agent": {
      "hostname": "host-01"
  },
  "container": {
      "id": "container-01"
  }
}
```

Co-authored-by: Faisal Kanout <faisal.kanout@elastic.co>
@benakansara benakansara deleted the feat/groupbykeys-recovered-alerts branch March 22, 2023 11:18