[RCA] Start investigation from alert details page

[benakansara]

Resolves #190320 and #190396

• Start investigation from Custom threshold alert details page
• Go to ongoing investigation instead of creating new one if one already exists
• Initial investigation status is set as ongoing
• Investigation origin is set as alert

"Start investigation" is hidden for other alert types and when investigate plugin is disabled.

Testing

• Add the following in kibana.dev.yml

xpack.investigate.enabled: true
xpack.investigateApp.enabled: true

• Create Custom threshold rule
• Open Custom threshold alert details page
• Click on "Start investigation"
• Verify that a new saved object is created for the investigation

Screen.Recording.2024-08-12.at.12.24.02.mov

[obltmachine]

🤖 GitHub comments

Expand to view the GitHub comments

Just comment with:

• /oblt-deploy : Deploy a Kibana instance using the Observability test environments.
• run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

Pinging @elastic/obs-ux-management-team (Team:obs-ux-management)

[kdelemme]

just some comments about the cache keys.

[benakansara]

/ci

[benakansara]

/ci

[kdelemme]

Just did a quick review before the meeting, will continue after. Looking good so far

[TinaHeiligers]

Changes to kibana.jsoncLGTM

[kdelemme]

I left some comments, thanks for the initial refactoring of the search API.
A few things that we can tackle in another PR: duplication of hooks

[kdelemme]

More of a philosophical question, but do you think the get investigation API should query RAC and include the alert details directly in its response?
So instead of doing two request sequentially, the client would just do one and get everything?
That's maybe a bit of a premature optimization. But something to think about.

[benakansara]

that's a good question, something I was thinking about it too while implementing. We would need to have rac in context to use alerts client. I will look into it.

[kdelemme]

Is investigate null when the feature flag is off?

[benakansara]

it's undefined

[kdelemme]

I think we should not even try to fetch the investigations in case the investigate feature flag is not enabled

[benakansara]

Good catch. Addressed in 5a24c0b

[kibana-ci]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 7e0abe4
• Kibana Serverless Image: docker.elastic.co/kibana-ci/kibana-serverless:pr-190307-7e0abe45c945

Failed CI Steps

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
investigate	21	26	+5
investigateApp	512	552	+40
observability	1070	1072	+2
total			+47

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
investigate	112	119	+7
observability	694	695	+1
total			+8

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
investigateApp	431.4KB	439.5KB	+8.0KB
observability	424.7KB	426.8KB	+2.1KB
total			+10.2KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
investigate	9.2KB	9.9KB	+700.0B
observability	101.9KB	102.0KB	+48.0B
total			+748.0B

Unknown metric groups

API count

id	before	after	diff
investigate	112	119	+7
observability	701	702	+1
total			+8

History

• 💔 Build #227455 failed 8a8a177
• 💛 Build #227444 was flaky 34f9331
• 💚 Build #227430 succeeded 1544474
• 💔 Build #227341 failed 4b6a680
• 💔 Build #227295 failed adf4f93

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @benakansara

[kdelemme]

LGTM ! Thanks for the changes, I think we'll have to move things around to avoid too much duplication at some point. But for now, it's fine.

[kdelemme]

👍🏻 nice