[Metrics UI] Add anomalies tab to enhanced node details #96967
Conversation
|
Pinging @elastic/logs-metrics-ui (Team:logs-metrics-ui) |
|
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: |
|
I don't think this is related but currently looking into behavior I'm seeing when trying to generate anomalies to view in the Anomaly Flyout. I see anomalies for k8s in the timeline but not in the Anomaly flyout: |
|
I'm actually not sure how you got anomalies for CPU. We don't have a ML job that track anomalies for CPU nor do we fetch them for the timeline. |
|
The same behaviour also occurs with "memory". I opened a separate issue for the anomaly appearing in the timeline when CPU is selected. Confirmed neither of these issues is related to your changes. Sorry for the noise! |
|
Were we going to remove the "Show in Inventory" from EHD? I believe we were discussing in Slack that it was redundant at this point. |
|
@sorantis I still don't believe it's redundant. I still think there's value to being able to just to that point in time for that metric. Thoughts? |
|
@phillipb what use case do you have in mind for this action on EHD? |
|
@sorantis because an anomaly can affect multiple host, a user would still want to be able to "Show in inventory" to see all the host and the metric values for them. |
|
@phillipb for this case the entry point is the ML flyout with all anomalies. |
|
@sorantis yeah that flow makes sense. Only difference is we don't currently show the indicator for new anomalies yet. I was thinking of a different flow. I was thinking the user would click a node on the waffle map to open EHD and then click the anomalies tab to investigate the history of that node. Then they might want to show a given anomaly on the inventory and see all the host that are associated with that anomaly. If you don't think that flow is high priority or that it might be confusing for the other flow, happy to remove it from EHD. |
|
Going to merge as is, because it's literally a one line code change if we want to turn it off. |
* Adapt the anomalies table to work in overlay * Wire up the onClose function * Make "show in inventory" filter waffle map * Remove unused variable Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
) * Adapt the anomalies table to work in overlay * Wire up the onClose function * Make "show in inventory" filter waffle map * Remove unused variable Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Summary
Added anomalies table to enhanced node details. Slightly adapted the anomalies table that shows up in the Anomaly Detection flyout to be able to work with a hostName filter.
Also, made some changes to the actions dropdown. For now, I removed "Create alert" code because we don't have anomaly alerts enabled yet. Lastly, the behavior for "Show in Inventory" has changed so that it actually filters the waffle map to only show the anomalous nodes. Because we've run into cases where there are thousands of influencers, we added in some logic to disable filtering when there are large numbers of influencers because of a limit in Elasticsearch. Based on feedback from ML this should only happen in rare cases, but we added in some telemetry (
metrics_ml_anomaly_detection_more_than_100_influencers) to keep track of how often it happens.Fixes: #88541.
.Checklist
Delete any items that are not applicable to this PR.