Save ECS group by fields at the root level of alerting document #183220

Open
6 tasks
Tracked by #183516
maryam-saeidi opened this issue May 12, 2024 · 1 comment
Labels
Feature:Alerting Team:obs-ux-management Observability Management User Experience Team

Comments

@maryam-saeidi
Member

Summary

Currently, we save group-related fields at the root level in AAD depending on the group by field as described here.

Since group by field is an important field that can be used in various features such as maintenance window or conditional action to filter alerts, we would like to expand the above-mentioned logic to save the group by fields at the root level if they are ECS fields.

Implementation idea

We can create a shared function and pass all the group-by fields to this function and return only fields that are ECS-compliant, then we can use this logic in all the rules that have group-by functionality:

  • Custom threshold
  • Metric threshold
  • Log threshold
  • Inventory threshold
  • SLO burn rate
  • ES Query

Acceptance criteria

  • Create a shared logic to get the list of ECS-compliant group by fields and save that information at the root level of the alert document
@maryam-saeidi maryam-saeidi added Feature:Alerting Team:obs-ux-management Observability Management User Experience Team labels May 12, 2024
@elasticmachine
Contributor

Pinging @elastic/obs-ux-management-team (Team:obs-ux-management)

@maryam-saeidi maryam-saeidi changed the title Save ECS group by fields at the root level Save ECS group by fields at the root level of alerting document May 12, 2024
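
A sketch of the shared function proposed in the issue, as an added example that is not Kibana code and not part of the original discussion. The `Group` shape, the function names and the short `ECS_FIELDS` list are assumptions made for illustration; a real implementation would check against the full ECS field definitions. The allowlist also keeps a group-by on a non-ECS name, such as an alert's own `kibana.alert.*` field, from being written to the document root.

```typescript
// Added example: names and shapes below are hypothetical, not Kibana's API.

// Constructed subset of ECS field names, standing in for the full ECS schema.
const ECS_FIELDS: ReadonlySet<string> = new Set([
  'host.name',
  'host.hostname',
  'container.id',
  'service.name',
  'cloud.region',
  'user.name',
]);

// Assumed shape of one group-by entry: the field grouped on and the value
// that identifies this alert's group.
interface Group {
  field: string;
  value: string;
}

type AlertDoc = Record<string, unknown>;

// Return only the group-by entries whose field is an ECS field.
function getEcsGroups(groups: Group[]): Group[] {
  return groups.filter((g) => ECS_FIELDS.has(g.field));
}

// Copy ECS group-by fields to the root of the alert document. Keys the
// document already carries are left untouched, so a group-by value never
// replaces data the rule wrote itself (a design choice of this sketch).
function withEcsGroupFields(alert: AlertDoc, groups: Group[]): AlertDoc {
  const result: AlertDoc = { ...alert };
  for (const { field, value } of getEcsGroups(groups)) {
    if (!(field in result)) {
      result[field] = value;
    }
  }
  return result;
}

// Constructed sample input: one ECS field, one custom field, and one
// group-by that names a field the alert document already uses.
const sampleAlert: AlertDoc = { 'kibana.alert.status': 'active' };
const sampleGroups: Group[] = [
  { field: 'host.name', value: 'web-01' },
  { field: 'my_app.tenant', value: 'tenant-a' },
  { field: 'kibana.alert.status', value: 'recovered' },
];
```
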