[Request]: Documenting no-data settings for the custom threshold rule #4068
Assignees
Labels
Comments
maryam-saeidi
added a commit
to elastic/kibana
that referenced
this issue
Jul 18, 2024
…d rule (#188300) Fixes #188229, related to #183921 Documentation request: elastic/observability-docs#4068 ## Summary **Note**: I've added an item to deprecate/remove one of the no-data settings in v9. Fixes not showing no data setting and set the related settings to false by default. Based on @maciejforcone's input, we can combine these 2 settings for simplicity, as one of them works at a time. I also changed the tooltip according to which setting is relevant: (we use one action group for both of them in connectors) |No data (without group)|Missing group (with group)| |---|---| ||| Here is how the setting is applied in API: https://github.com/user-attachments/assets/52c52724-6011-4f6d-8464-023cd9a9ea10
10 tasks
This was referenced Oct 24, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
In the custom threshold rule, we have 2 settings:
alertOnNoData)alertOnGroupDisappear)At each given time, only one of these settings can be used depending on whether there is a group by field for the rule or not. In this PR, we tried to improve the UX for using these settings by only showing one setting in the UI and changing the related underlying setting depending on whether there is a group by field or not.
Here is a description related to these settings that we would like to include in this document:
In the API, we have 2 settings related to no data:
alertOnNoData: this is used when we don't have any group by and will trigger a no alert data if the condition doesn’t report any data over the expected time period or if the rule fails to query Elasticsearch. (Essentially, it means something is wrong, and we don't have data to evaluate the related threshold)alertOnGroupDisappeer: When we have group by fields and after seeing a group, if that group does not report any data, we trigger a missing group no data alert.Here is an example scenario when we have
host.nameas the group by field for CPU usage above 80%:During the first rule execution, we have 2 hosts that are reporting data:
host-1andhost-2In the next rule execution,
host-1does not report any data, so we trigger a no-data alert forhost-1In the next execution, if
host-1starts reporting data again, we will have 2 scenarios:host-1reports data for CPU usage and it is above the threshold of 80%, then we don't trigger a new alert, but we change the existing alert from no-data to a triggered alert that breaches the threshold. It is important to keep in mind that we don't send any notifications in this case because there is still an ongoing issue.host-1reports CPU usage below the threshold of 80%, then we change the alert status to recovered.It would be great to also include information about how users can untrack a group that is decommissioned (related ticket). For example, maybe in the above scenario,
host-1is decommissioned so we don't need the related alert anymore. In that case, user can select that alert in the alert table and usemark as untrackaction:In the UI, we are now using only one setting, and we enable the related API setting according to the group by field. Here, you can see that we also adjust the related tooltip based on whether a group by field is selected or not.
Resources
PR: elastic/kibana#188300
Related issues:
Which documentation set does this change impact?
Stateful and Serverless
Feature differences
This feature is identical in both environments.
What release is this request related to?
8.16
Collaboration model
The documentation team
Point of contact.
Main contact: @maryam-saeidi
Stakeholders:
The text was updated successfully, but these errors were encountered: