elastic · bmorelli25 · Mar 22, 2024 · Mar 22, 2024
@@ -166,7 +166,7 @@ include::threshold-alert.asciidoc[leveloffset=+2]
 
 include::logs-threshold-alert.asciidoc[leveloffset=+2]
 
-include::infrastructure-threshold-alert.asciidoc[leveloffset=+2]
+include::inventory-threshold-alert.asciidoc[leveloffset=+2]
 
 include::metrics-threshold-alert.asciidoc[leveloffset=+2]
 

@@ -1,7 +1,7 @@
 [[infrastructure-threshold-alert]]
-= Create an infrastructure threshold rule
+= Create an inventory threshold rule
 ++++
-<titleabbrev>Infrastructure threshold</titleabbrev>
+<titleabbrev>Inventory threshold</titleabbrev>
 ++++
 
 Based on the resources listed on the *Inventory* page within the {infrastructure-app},
@@ -86,6 +86,28 @@ and selecting from a list of available variables.
 image::images/infrastructure-threshold-alert-default-message.png[Default notification message for infrastructure threshold rules with open "Add variable" popup listing available action variables,width=600]
 // NOTE: This is an autogenerated screenshot. Do not edit it directly.
 
+The following variables are specific to this rule type.
+You an also specify {kibana-ref}/rule-action-variables.html[variables common to all rules].
+
+`context.alertDetailsUrl`:: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
+`context.alertState`:: Current state of the alert.
+`context.cloud`:: The cloud object defined by ECS if available in the source.
+`context.container`:: The container object defined by ECS if available in the source.
+`context.group`:: Name of the group reporting data.
+`context.host`:: The host object defined by ECS if available in the source.
+`context.labels`:: List of labels associated with the entity where this alert triggered.
+`context.metric`:: The metric name in the specified condition. Usage: (`ctx.metric.condition0`, `ctx.metric.condition1`, and so on).
+`context.orchestrator`:: The orchestrator object defined by ECS if available in the source.
+`context.originalAlertState`:: The state of the alert before it recovered. This is only available in the recovery context.
+`context.originalAlertStateWasALERT`:: Boolean value of the state of the alert before it recovered. This can be used for template conditions. This is only available in the recovery context.
+`context.originalAlertStateWasWARNING`:: Boolean value of the state of the alert before it recovered. This can be used for template conditions. This is only available in the recovery context.
+`context.reason`:: A concise description of the reason for the alert.
+`context.tags`:: List of tags associated with the entity where this alert triggered.
+`context.threshold`:: The threshold value of the metric for the specified condition. Usage: (`ctx.threshold.condition0`, `ctx.threshold.condition1`, and so on)
+`context.timestamp`:: A timestamp of when the alert was detected.
+`context.value`:: The value of the metric in the specified condition. Usage: (`ctx.value.condition0`, `ctx.value.condition1`, and so on)
+`context.viewInAppUrl`:: Link to the alert source.
+
 [discrete]
 [[infra-alert-settings]]
 == Settings

@@ -134,6 +134,19 @@ and selecting from a list of available variables.
 [role="screenshot"]
 image::images/logs-threshold-alert-default-message.png[Default notification message for log threshold rules with open "Add variable" popup listing available action variables,width=600]
 
+The following variables are specific to this rule type.
+You an also specify {kibana-ref}/rule-action-variables.html[variables common to all rules].
+
+`context.alertDetailsUrl`:: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
+`context.interval`:: The length and unit of time period where the alert conditions were met.
+`context.reason`:: A concise description of the reason for the alert.
+`context.serviceName`:: The service the alert is created for.
+`context.threshold`:: Any trigger value above this value will cause the alert to fire.
+`context.transactionName`:: The transaction name the alert is created for.
+`context.transactionType`:: The transaction type the alert is created for.
+`context.triggerValue`:: The value that breached the threshold and triggered the alert.
+`context.viewInAppUrl`:: Link to the alert source.
+
 [discrete]
 [[performance-considerations]]
 === Performance considerations

@@ -102,6 +102,30 @@ and selecting from a list of available variables.
 image::images/metrics-threshold-alert-default-message.png[Default notification message for metric threshold rules with open "Add variable" popup listing available action variables,width=600]
 // NOTE: This is an autogenerated screenshot. Do not edit it directly.
 
+The following variables are specific to this rule type.
+You an also specify {kibana-ref}/rule-action-variables.html[variables common to all rules].
+
+`context.alertDetailsUrl`:: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
+`context.alertState`:: Current state of the alert.
+`context.cloud`:: The cloud object defined by ECS if available in the source.
+`context.container`:: The container object defined by ECS if available in the source.
+`context.group`:: Name of the group(s) reporting data. For accessing each group key, use `context.groupByKeys`.
+`context.groupByKeys`:: The object containing groups that are reporting data.
+`context.host`:: The host object defined by ECS if available in the source.
+`context.labels`:: List of labels associated with the entity where this alert triggered.
+`context.metric`:: The metric name in the specified condition. Usage: (`ctx.metric.condition0`, `ctx.metric.condition1`, and so on).
+`context.orchestrator`:: The orchestrator object defined by ECS if available in the source.
+`context.originalAlertState`:: The state of the alert before it recovered. This is only available in the recovery context.
+`context.originalAlertStateWasALERT`:: Boolean value of the state of the alert before it recovered. This can be used for template conditions. This is only available in the recovery context.
+`context.originalAlertStateWasNO_DATA`:: Boolean value of the state of the alert before it recovered. This can be used for template conditions. This is only available in the recovery context.
+`context.originalAlertStateWasWARNING`:: Boolean value of the state of the alert before it recovered. This can be used for template conditions. This is only available in the recovery context.
+`context.reason`:: A concise description of the reason for the alert.
+`context.tags`:: List of tags associated with the entity where this alert triggered.
+`context.threshold`:: The threshold value of the metric for the specified condition. Usage: (`ctx.threshold.condition0`, `ctx.threshold.condition1`, and so on)
+`context.timestamp`:: A timestamp of when the alert was detected.
+`context.value`:: The value of the metric in the specified condition. Usage: (`ctx.value.condition0`, `ctx.value.condition1`, and so on)
+`context.viewInAppUrl`:: Link to the alert source.
+
 [discrete]
 [[metrics-alert-settings]]
 == Settings

@@ -59,6 +59,20 @@ and selecting from a list of available variables.
 [role="screenshot"]
 image::images/slo-action-variables.png[Action variables with default SLO message]
 
+The following variables are specific to this rule type.
+You an also specify {kibana-ref}/rule-action-variables.html[variables common to all rules].
+
+`context.alertDetailsUrl`:: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
+`context.burnRateThreshold`:: The burn rate threshold value.
+`context.longWindow`:: The window duration with the associated burn rate value.
+`context.reason`:: A concise description of the reason for the alert.
+`context.shortWindow`:: The window duration with the associated burn rate value.
+`context.sloId`:: The SLO unique identifier.
+`context.sloInstanceId`:: The SLO instance id.
+`context.sloName`:: The SLO name.
+`context.timestamp`:: A timestamp of when the alert was detected.
+`context.viewInAppUrl`:: The URL to the SLO details page to help with further investigation.
+
 [discrete]
 [[recovery-variables-slo]]
 == Alert recovery

@@ -153,3 +153,19 @@ and selecting from a list of available variables.
 
 [role="screenshot"]
 image::images/logs-threshold-alert-default-message.png[Default notification message for log threshold rules with open "Add variable" popup listing available action variables,width=600]
+
+The following variables are specific to this rule type.
+You an also specify {kibana-ref}/rule-action-variables.html[variables common to all rules].
+
+`context.alertDetailsUrl`:: Link to the alert troubleshooting view for further context and details. This will be an empty string if the `server.publicBaseUrl` is not configured.
+`context.cloud`:: The cloud object defined by ECS if available in the source.
+`context.container`:: The container object defined by ECS if available in the source.
+`context.group`:: The object containing groups that are reporting data.
+`context.host`:: The host object defined by ECS if available in the source.
+`context.labels`:: List of labels associated with the entity where this alert triggered.
+`context.orchestrator`:: The orchestrator object defined by ECS if available in the source.
+`context.reason`:: A concise description of the reason for the alert.
+`context.tags`:: List of tags associated with the entity where this alert triggered.
+`context.timestamp`:: A timestamp of when the alert was detected.
+`context.value`:: List of the condition values.
+`context.viewInAppUrl`:: Link to the alert source.