From b464dfb0c36ae29c2d732f6f7ab4250da33427e9 Mon Sep 17 00:00:00 2001 From: DeDe Morton Date: Fri, 22 Mar 2024 10:59:46 -0700 Subject: [PATCH] [Alerting] Add list of action variables to Observability alerting docs (#3693) (cherry picked from commit 7fc38dcad3cbbf7ff8b7d959abbc5061147e2dcf) --- docs/en/observability/create-alerts.asciidoc | 2 +- ...doc => inventory-threshold-alert.asciidoc} | 26 +++++++++++++++++-- .../logs-threshold-alert.asciidoc | 13 ++++++++++ .../metrics-threshold-alert.asciidoc | 24 +++++++++++++++++ .../slo-burn-rate-alert.asciidoc | 14 ++++++++++ .../en/observability/threshold-alert.asciidoc | 16 ++++++++++++ 6 files changed, 92 insertions(+), 3 deletions(-) rename docs/en/observability/{infrastructure-threshold-alert.asciidoc => inventory-threshold-alert.asciidoc} (70%) diff --git a/docs/en/observability/create-alerts.asciidoc b/docs/en/observability/create-alerts.asciidoc index 3c16d72bf5..519ba5708b 100644 --- a/docs/en/observability/create-alerts.asciidoc +++ b/docs/en/observability/create-alerts.asciidoc @@ -166,7 +166,7 @@ include::threshold-alert.asciidoc[leveloffset=+2] include::logs-threshold-alert.asciidoc[leveloffset=+2] -include::infrastructure-threshold-alert.asciidoc[leveloffset=+2] +include::inventory-threshold-alert.asciidoc[leveloffset=+2] include::metrics-threshold-alert.asciidoc[leveloffset=+2] diff --git a/docs/en/observability/infrastructure-threshold-alert.asciidoc b/docs/en/observability/inventory-threshold-alert.asciidoc similarity index 70% rename from docs/en/observability/infrastructure-threshold-alert.asciidoc rename to docs/en/observability/inventory-threshold-alert.asciidoc index aaeff4c4ed..beaa4a349c 100644 --- a/docs/en/observability/infrastructure-threshold-alert.asciidoc +++ b/docs/en/observability/inventory-threshold-alert.asciidoc 
@@ -1,7 +1,7 @@ [[infrastructure-threshold-alert]] -= Create an infrastructure threshold rule += Create an inventory threshold rule ++++ -Infrastructure threshold +Inventory threshold ++++ Based on the resources listed on the *Inventory* page within the {infrastructure-app}, 
@@ -86,6 +86,28 @@ and selecting from a list of available variables. image::images/infrastructure-threshold-alert-default-message.png[Default notification message for infrastructure threshold rules with open "Add variable" popup listing available action variables,width=600] // NOTE: This is an autogenerated screenshot. Do not edit it directly. +The following variables are specific to this rule type. +You an also specify {kibana-ref}/rule-action-variables.html[variables common to all rules]. + +`context.alertDetailsUrl`:: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured. +`context.alertState`:: Current state of the alert. +`context.cloud`:: The cloud object defined by ECS if available in the source. +`context.container`:: The container object defined by ECS if available in the source. +`context.group`:: Name of the group reporting data. +`context.host`:: The host object defined by ECS if available in the source. +`context.labels`:: List of labels associated with the entity where this alert triggered. +`context.metric`:: The metric name in the specified condition. Usage: (`ctx.metric.condition0`, `ctx.metric.condition1`, and so on). +`context.orchestrator`:: The orchestrator object defined by ECS if available in the source. +`context.originalAlertState`:: The state of the alert before it recovered. This is only available in the recovery context. +`context.originalAlertStateWasALERT`:: Boolean value of the state of the alert before it recovered. This can be used for template conditions. This is only available in the recovery context. +`context.originalAlertStateWasWARNING`:: Boolean value of the state of the alert before it recovered. This can be used for template conditions. This is only available in the recovery context. +`context.reason`:: A concise description of the reason for the alert. 
+`context.tags`:: List of tags associated with the entity where this alert triggered. +`context.threshold`:: The threshold value of the metric for the specified condition. Usage: (`ctx.threshold.condition0`, `ctx.threshold.condition1`, and so on) +`context.timestamp`:: A timestamp of when the alert was detected. +`context.value`:: The value of the metric in the specified condition. Usage: (`ctx.value.condition0`, `ctx.value.condition1`, and so on) +`context.viewInAppUrl`:: Link to the alert source. + [discrete] [[infra-alert-settings]] == Settings diff --git a/docs/en/observability/logs-threshold-alert.asciidoc b/docs/en/observability/logs-threshold-alert.asciidoc index e5b11118a2..5795ce8cd3 100644 --- a/docs/en/observability/logs-threshold-alert.asciidoc +++ b/docs/en/observability/logs-threshold-alert.asciidoc 
@@ -134,6 +134,19 @@ and selecting from a list of available variables. [role="screenshot"] image::images/logs-threshold-alert-default-message.png[Default notification message for log threshold rules with open "Add variable" popup listing available action variables,width=600] +The following variables are specific to this rule type. +You an also specify {kibana-ref}/rule-action-variables.html[variables common to all rules]. + +`context.alertDetailsUrl`:: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured. +`context.interval`:: The length and unit of time period where the alert conditions were met. +`context.reason`:: A concise description of the reason for the alert. +`context.serviceName`:: The service the alert is created for. +`context.threshold`:: Any trigger value above this value will cause the alert to fire. +`context.transactionName`:: The transaction name the alert is created for. +`context.transactionType`:: The transaction type the alert is created for. +`context.triggerValue`:: The value that breached the threshold and triggered the alert. +`context.viewInAppUrl`:: Link to the alert source. + [discrete] [[performance-considerations]] === Performance considerations diff --git a/docs/en/observability/metrics-threshold-alert.asciidoc b/docs/en/observability/metrics-threshold-alert.asciidoc index 98b5941510..b6a3238b01 100644 --- a/docs/en/observability/metrics-threshold-alert.asciidoc +++ b/docs/en/observability/metrics-threshold-alert.asciidoc 
@@ -102,6 +102,30 @@ and selecting from a list of available variables. image::images/metrics-threshold-alert-default-message.png[Default notification message for metric threshold rules with open "Add variable" popup listing available action variables,width=600] // NOTE: This is an autogenerated screenshot. Do not edit it directly. +The following variables are specific to this rule type. +You an also specify {kibana-ref}/rule-action-variables.html[variables common to all rules]. + +`context.alertDetailsUrl`:: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured. +`context.alertState`:: Current state of the alert. +`context.cloud`:: The cloud object defined by ECS if available in the source. +`context.container`:: The container object defined by ECS if available in the source. +`context.group`:: Name of the group(s) reporting data. For accessing each group key, use `context.groupByKeys`. +`context.groupByKeys`:: The object containing groups that are reporting data. +`context.host`:: The host object defined by ECS if available in the source. +`context.labels`:: List of labels associated with the entity where this alert triggered. +`context.metric`:: The metric name in the specified condition. Usage: (`ctx.metric.condition0`, `ctx.metric.condition1`, and so on). +`context.orchestrator`:: The orchestrator object defined by ECS if available in the source. +`context.originalAlertState`:: The state of the alert before it recovered. This is only available in the recovery context. +`context.originalAlertStateWasALERT`:: Boolean value of the state of the alert before it recovered. This can be used for template conditions. This is only available in the recovery context. +`context.originalAlertStateWasNO_DATA`:: Boolean value of the state of the alert before it recovered. This can be used for template conditions. This is only available in the recovery context. 
+`context.originalAlertStateWasWARNING`:: Boolean value of the state of the alert before it recovered. This can be used for template conditions. This is only available in the recovery context. +`context.reason`:: A concise description of the reason for the alert. +`context.tags`:: List of tags associated with the entity where this alert triggered. +`context.threshold`:: The threshold value of the metric for the specified condition. Usage: (`ctx.threshold.condition0`, `ctx.threshold.condition1`, and so on) +`context.timestamp`:: A timestamp of when the alert was detected. +`context.value`:: The value of the metric in the specified condition. Usage: (`ctx.value.condition0`, `ctx.value.condition1`, and so on) +`context.viewInAppUrl`:: Link to the alert source. + [discrete] [[metrics-alert-settings]] == Settings diff --git a/docs/en/observability/slo-burn-rate-alert.asciidoc b/docs/en/observability/slo-burn-rate-alert.asciidoc index 53d2b0732f..a2983d8188 100644 --- a/docs/en/observability/slo-burn-rate-alert.asciidoc +++ b/docs/en/observability/slo-burn-rate-alert.asciidoc 
@@ -59,6 +59,20 @@ and selecting from a list of available variables. [role="screenshot"] image::images/slo-action-variables.png[Action variables with default SLO message] +The following variables are specific to this rule type. +You an also specify {kibana-ref}/rule-action-variables.html[variables common to all rules]. + +`context.alertDetailsUrl`:: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured. +`context.burnRateThreshold`:: The burn rate threshold value. +`context.longWindow`:: The window duration with the associated burn rate value. +`context.reason`:: A concise description of the reason for the alert. +`context.shortWindow`:: The window duration with the associated burn rate value. +`context.sloId`:: The SLO unique identifier. +`context.sloInstanceId`:: The SLO instance id. +`context.sloName`:: The SLO name. +`context.timestamp`:: A timestamp of when the alert was detected. +`context.viewInAppUrl`:: The URL to the SLO details page to help with further investigation. + [discrete] [[recovery-variables-slo]] == Alert recovery diff --git a/docs/en/observability/threshold-alert.asciidoc b/docs/en/observability/threshold-alert.asciidoc index 5246a74406..c20e56a9e7 100644 --- a/docs/en/observability/threshold-alert.asciidoc +++ b/docs/en/observability/threshold-alert.asciidoc 
@@ -153,3 +153,19 @@ and selecting from a list of available variables. [role="screenshot"] image::images/logs-threshold-alert-default-message.png[Default notification message for log threshold rules with open "Add variable" popup listing available action variables,width=600] + +The following variables are specific to this rule type. +You an also specify {kibana-ref}/rule-action-variables.html[variables common to all rules]. + +`context.alertDetailsUrl`:: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured. +`context.cloud`:: The cloud object defined by ECS if available in the source. +`context.container`:: The container object defined by ECS if available in the source. +`context.group`:: The object containing groups that are reporting data. +`context.host`:: The host object defined by ECS if available in the source. +`context.labels`:: List of labels associated with the entity where this alert triggered. +`context.orchestrator`:: The orchestrator object defined by ECS if available in the source. +`context.reason`:: A concise description of the reason for the alert. +`context.tags`:: List of tags associated with the entity where this alert triggered. +`context.timestamp`:: A timestamp of when the alert was detected. +`context.value`:: List of the condition values. +`context.viewInAppUrl`:: Link to the alert source.
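Review bot: In the `@@ -1,7 +1,7 @@` hunk of inventory-threshold-alert.asciidoc, the title and nav title change to "inventory threshold" but the anchor `[[infrastructure-threshold-alert]]` on the first line keeps the old name. If the anchor is kept on purpose so that existing links and cross-references keep resolving, say so in an AsciiDoc comment next to it; otherwise rename it together with the file. The next hunk's context still shows `infrastructure-threshold-alert-default-message.png` with alt text reading "infrastructure threshold rules", which should follow the new rule name as well.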
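Review bot: Typo in the intro sentence added by the `@@ -86,6 +86,28 @@` hunk: "You an also specify" should read "You can also specify", and the same sentence is copied into the logs, metrics, SLO burn rate and threshold files in this patch. In the same list, the entries are named `context.metric`, `context.threshold` and `context.value`, but their usage examples use a `ctx.` prefix (`ctx.metric.condition0`). Use one prefix, or state that both resolve, so that a reader who copies the example into an action template gets a variable that renders. The `context.threshold` and `context.value` entries also lack the closing period that `context.metric` has.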
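Review bot: The list added to logs-threshold-alert.asciidoc (`@@ -134,6 +134,19 @@`) documents `context.serviceName`, `context.transactionName` and `context.transactionType` for a log threshold rule, and has none of the `context.group`, `context.host` or `context.timestamp` entries that the other lists in this patch carry. Please check this list against the variables the log threshold rule type actually exposes; as written it reads like a list for a different rule type. The `context.threshold` text ("Any trigger value above this value will cause the alert to fire") also assumes an "above" comparison, so reword it if the rule can be configured with any other comparator.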
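Review bot: In the `@@ -102,6 +102,30 @@` hunk, `context.originalAlertStateWasALERT`, `context.originalAlertStateWasNO_DATA` and `context.originalAlertStateWasWARNING` have word-for-word the same description, so the text does not tell the reader which one to use in a template condition. State the prior state each one tests for, for example "True if the alert was in the ALERT state before it recovered." The same applies to the two `originalAlertStateWas*` entries in the inventory list.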
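Review bot: `context.longWindow` and `context.shortWindow` in the `@@ -59,6 +59,20 @@` hunk share one description ("The window duration with the associated burn rate value."), which does not say how the two differ. Describe each in terms of the long and short lookback windows of the burn rate rule. Minor: "The SLO instance id." should read "ID", or "identifier" to match the `context.sloId` entry above it.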
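Review bot: In the `@@ -153,3 +153,19 @@` hunk, `context.group` is described as "The object containing groups that are reporting data", while the metrics list in this same patch describes `context.group` as the group name(s) and gives that object description to `context.groupByKeys`. Confirm which shape this rule type returns and align the wording, since a template that expects a string and receives an object will not render as intended. Separately, `context.alertDetailsUrl` says it is an empty string when `server.publicBaseUrl` is not configured, but `context.viewInAppUrl` carries no such note in any of the lists; if it has the same dependency, document it there too.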