[AO] Add evaluation values for metric threshold and inventory rules #154255

Merged

@maryam-saeidi maryam-saeidi commented Apr 3, 2023

Closes #153877

Summary

This PR adds a new field called kibana.alert.evaluation.values to the alert document for metric threshold and inventory rules. This is an array of numbers but depending on the result of the rule execution, the value might be null too.

image

We want to use this result in the metric threshold alert details page, so I checked whether this value can be retrieved correctly there or not:
image

Note
I will add tests later; I would like to get feedback about the implementation first.

🧪 How to test

  • Add xpack.observability.unsafe.alertDetails.metrics.enabled: true to the Kibana config
  • Create a metric threshold and inventory rule that generates an alert
  • Check the alert document for the kibana.alert.evaluation.values field; it should be an array with the result of evaluation for the related criteria
  • If you are using metricbeat, stop it so the value of evaluation will be null
  • Go to the alert details page; you should be able to see the main chart even when the evaluation value is null
  • Check the alert document for the kibana.alert.evaluation.values field; it should be an array including a null value

@maryam-saeidi maryam-saeidi added release_note:skip Skip the PR/issue when compiling release notes Team: Actionable Observability - DEPRECATED For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge" labels Apr 3, 2023
@maryam-saeidi maryam-saeidi self-assigned this Apr 3, 2023

@@ -77,7 +77,7 @@ type CastSingle<T extends t.Type<any>> = t.Type<
>;

const createCastArrayRt = <T extends t.Type<any>>(type: T): CastArray<T> => {
const union = t.union([type, t.array(type)]);
const union = t.union([type, t.array(t.union([type, t.nullType]))]);
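Review bot: The added t.union([type, t.nullType]) inside t.array(...) widens createCastArrayRt for every field that is built through it, not only the one field that motivates the change, so any array decoded by this helper can now carry null elements. Consider scoping the nullable element type to the fields that need it, or at least adding a comment on this line naming the field that requires it. Also confirm that the declared return type CastArray<T> reflects nullable elements so callers are forced to handle them, and note that a bare null (not wrapped in an array) is still rejected by the first union member.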
Member Author

This change is related to the values that are saved in kibana.alert.evaluation.values; it is a mixture of the specified type (scaled_float) and null.

@maryam-saeidi maryam-saeidi marked this pull request as ready for review April 6, 2023 14:00
@maryam-saeidi maryam-saeidi requested review from a team as code owners April 6, 2023 14:00
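
An added example (not part of the PR or of Kibana's code) showing the value shape described in the PR summary and in the inline comment on the codec: a number, or an array whose elements may be null. The flattened field key, the function names, the choice to normalize a single number to a one-element array and to reject non-finite numbers, and the sample documents are assumptions made for illustration.

```typescript
// Added example, not Kibana code. Plain-TypeScript mirror of the shape
// t.union([type, t.array(t.union([type, t.nullType]))]) for a numeric field.
const FIELD = 'kibana.alert.evaluation.values';

type EvaluationValues = Array<number | null>;

interface DecodeResult {
  ok: boolean;
  values: EvaluationValues; // empty when ok is false
  reason: string; // empty when ok is true
}

const isFiniteNumber = (v: unknown): v is number =>
  typeof v === 'number' && isFinite(v);

// Accepts one number, or an array of number | null. A bare null is rejected,
// because only array elements were made nullable.
function decodeEvaluationValues(raw: unknown): DecodeResult {
  if (isFiniteNumber(raw)) return { ok: true, values: [raw], reason: '' };
  if (!Array.isArray(raw)) {
    const got = raw === null ? 'null' : typeof raw;
    return { ok: false, values: [], reason: `expected number or array, got ${got}` };
  }
  const values: EvaluationValues = [];
  for (let i = 0; i < raw.length; i++) {
    const item: unknown = raw[i];
    if (item === null || isFiniteNumber(item)) {
      values.push(item);
    } else {
      return { ok: false, values: [], reason: `element ${i} is ${typeof item}` };
    }
  }
  return { ok: true, values, reason: '' };
}

// Reads the field from an alert document (flattened key assumed) and lists the
// criteria that produced no data, so a consumer never does arithmetic on null.
function summarizeAlert(doc: Record<string, unknown>) {
  const decoded = decodeEvaluationValues(doc[FIELD]);
  if (!decoded.ok) throw new Error(`${FIELD}: ${decoded.reason}`);
  const noDataIndexes: number[] = [];
  decoded.values.forEach((v, i) => { if (v === null) noDataIndexes.push(i); });
  return { values: decoded.values, noDataIndexes };
}

// Constructed sample documents (not from a real cluster).
const withData: Record<string, unknown> = { [FIELD]: [0.82, 1200] };
const metricbeatStopped: Record<string, unknown> = { [FIELD]: [null] };
```
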
@elasticmachine
Contributor

Pinging @elastic/actionable-observability (Team: Actionable Observability)

Member

@simianhacker simianhacker left a comment

Merge code with grace,
This PR shines, well-crafted,
Approving eyes smile.

Contributor

@mohamedhamed-ahmed mohamedhamed-ahmed left a comment

Infra changes LGTM!

@kibana-ci
Collaborator

💚 Build Succeeded

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/rule-data-utils | 100 | 101 | +1 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| apm | 3.4MB | 3.4MB | +28.0B |
| infra | 2.0MB | 2.0MB | +29.0B |
| observability | 1.1MB | 1.1MB | +93.0B |
| securitySolution | 9.1MB | 9.1MB | +326.0B |
| triggersActionsUi | 1.4MB | 1.4MB | +54.0B |
| total | | | +530.0B |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
| --- | --- | --- | --- |
| apm | 32.1KB | 32.2KB | +64.0B |
| infra | 90.5KB | 90.6KB | +64.0B |
| observability | 74.4KB | 74.5KB | +64.0B |
| triggersActionsUi | 84.2KB | 84.3KB | +64.0B |
| total | | | +256.0B |

Unknown metric groups

API count

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/rule-data-utils | 103 | 104 | +1 |

ESLint disabled line counts

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 394 | 397 | +3 |

Total ESLint disabled count

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 474 | 477 | +3 |

cc @maryam-saeidi

Contributor

@ymao1 ymao1 left a comment

response ops changes LGTM

Contributor

@xcrzx xcrzx left a comment

LGTM

@maryam-saeidi maryam-saeidi merged commit 1172130 into elastic:main Apr 20, 2023
@kibanamachine kibanamachine added v8.8.0 backport:skip This commit does not require backporting labels Apr 20, 2023
@maryam-saeidi maryam-saeidi deleted the 153877-alert-evaluation-value branch June 21, 2023 07:57