Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RAM] Create API to draw timelines of alerts on charts #141487

Closed
Tracked by #137196
XavierM opened this issue Sep 22, 2022 · 3 comments · Fixed by #146709
Closed
Tracked by #137196

[RAM] Create API to draw timelines of alerts on charts #141487

XavierM opened this issue Sep 22, 2022 · 3 comments · Fixed by #146709
Assignees
@XavierM
Labels
8.6 candidate Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@XavierM
Copy link
Contributor

XavierM commented Sep 22, 2022
edited
Loading

As a user, I would like to consume an API to draw timelines of Alerts. To be able to do that we will have to use the new field time_range added by this PR. We will use the date histogram aggregations to get the different bucket associated to the timelines of alerts. What is really important in the query is to use hard_bounds to limit the histogram to specified bounds.

GET alert_index/_search
{
  "aggs": {
    "alerts_over_time": {
      "date_histogram": {
        "field": "time_range",
        "fixed_interval": "1m",
        "hard_bounds": {
          "min": "2022-09-21T19:04:00.000Z",
          "max": "2022-09-21T19:10:00.000Z"
        }
      }
    }
  },
  "query": {
    "bool": {
      "filter": [
        {
          
          "range": {
            "time_range": {
              "gt": "2022-09-21T19:04:00.000Z",
              "lt": "2022-09-21T19:10:00.000Z"
            }
          }
        }
      ]
    }
  }
}

image
@XavierM XavierM added Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) 8.6 candidate labels Sep 22, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@simianhacker
Copy link
Member

This should use BOTH extended_bounds and hard_bounds, without extended_bounds the date_histogram won't draw the empty buckets.

@XavierM XavierM self-assigned this Oct 6, 2022
@XavierM XavierM moved this from Awaiting Triage to Todo in AppEx: ResponseOps - Rules & Alerts Management Oct 6, 2022
@maryam-saeidi maryam-saeidi mentioned this issue Oct 14, 2022
Closed
12 tasks
@emma-raffenne
Copy link
Contributor

emma-raffenne commented Nov 9, 2022
edited
Loading

@XavierM Actionable-observability will need this for the Summary stats widget that will plan to deliver in 8.7.0. Can you confirm you have this on your roadmap on your side?

See elastic/observability-product#190

@XavierM XavierM mentioned this issue Nov 30, 2022
Merged
1 task
Repository owner moved this from In Progress to Done in AppEx: ResponseOps - Rules & Alerts Management Dec 16, 2022
XavierM added a commit that referenced this issue Dec 16, 2022
@XavierM
[RAM] Add alert summary API (#146709)
3917bf5 
## Summary

Resolve: #141487


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@XavierM XavierM

Labels
8.6 candidate Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)
Projects
No open projects
AppEx: ResponseOps - Rules & Alerts Management
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[RAM] Add alert summary API XavierM/kibana
4 participants
@simianhacker @XavierM @elasticmachine @emma-raffenne