Add alert grouping functionality to the observability alerts page #189958
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
maryam-saeidi
added
the
release_note:feature
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
|
/ci |
maryam-saeidi
commented
Aug 6, 2024
| content={ | ||
| <FormattedMessage | ||
| id="xpack.observability.alert.grouping.ungrouped.info" | ||
| defaultMessage='There is no "group by" field selected in rule definition.' |
|
/ci |
dedemorton
reviewed
Aug 6, 2024
...ins/observability_solution/observability/public/pages/alerts/grouping/render_group_panel.tsx
Outdated
Show resolved
Hide resolved
Co-authored-by: DeDe Morton <[email protected]>
maryam-saeidi
commented
Aug 7, 2024
| // Alert page | ||
| const alertsPageAlertsTableConfig = getAlertsPageTableConfiguration( | ||
| // Observability table | ||
| const observabilityAlertsTableConfig = getObservabilityTableConfiguration( |
There was a problem hiding this comment.
I registered a new alerts table with an observability ID, which is used on other applications as well. (Basically, this already existed)
maryam-saeidi
commented
Aug 7, 2024
| alertTableConfigRegistry.register(observabilityAlertsTableConfig); | ||
|
|
||
| // Alerts page | ||
| const alertsPageAlertsTableConfig = getAlertsPageTableConfiguration( |
There was a problem hiding this comment.
This is the new table with grouping, only for the alerts page for now.
|
/ci |
botelastic
bot
added
ci:project-deploy-observability
|
Pinging @elastic/obs-ux-management-team (Team:obs-ux-management) |
shahzad31
reviewed
Aug 8, 2024
Comment on lines
+13
to
+22
| export function Tags({ | ||
| tags, | ||
| color, | ||
| size = 3, | ||
| oneLine = false, | ||
| }: { | ||
| tags: string[]; | ||
| color?: string; | ||
| size?: number; | ||
| oneLine?: boolean; |
There was a problem hiding this comment.
there is same kinda component exported from observability-shared, might be nice to use that
There was a problem hiding this comment.
Nice! I will check it out!
|
i am getting this error on visiting alerts page |
1 task
umbopepato
added a commit
that referenced
this pull request
Aug 19, 2024
… aggregations endpoint (#190305) ## Summary - Adds null-value bucket detection to server-side alerts aggregations and marks those groups with a `--` key and `isNullGroup = true`. - Improves alerts grouping types with default aggregations. - Improves documentation ## To verify 1. Temporarily merge [#189958](#189958) into this branch 2. Create a rule that fires alerts in Observability > Alerts (i.e. Custom Threshold, ES Query, ...) 3. Once you start to see some alerts in the Alerts page, toggle the grouped alerts view using the dropdown at the top-right of the table (`Group alerts by: ...`), selecting a custom field that doesn't have a value in alert documents (to find one, open the alert flyout and look at the fields table) 4. Check that the group based on the empty field shows `--` as a title 5. Check that the alerts table in the expanded group panel is filtered correctly ### References Refs [#189958](#189958) ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
|
/ci |
|
/ci |
|
/oblt-deploy |
|
/oblt-deploy |
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
Page load bundle
Unknown metric groupsasync chunk count
miscellaneous assets size
History
To update your PR or re-run it, just comment with: |
shahzad31
reviewed
Aug 22, 2024
Comment on lines
+34
to
+43
| filter: [ | ||
| { | ||
| query: { | ||
| match_phrase: { | ||
| [ALERT_STATUS]: ALERT_STATUS_ACTIVE, | ||
| }, | ||
| }, | ||
| meta: {}, | ||
| }, | ||
| ], |
There was a problem hiding this comment.
it's already specified in query so why needed as separate filter?
There was a problem hiding this comment.
Alert grouping component accepts filters, not queries, but we use queries in other places. Maybe, in the future, we can refactor places that we use query and use filter instead.
shahzad31
reviewed
Aug 22, 2024
...plugins/observability_solution/observability/public/components/alert_search_bar/constants.ts
Show resolved
Hide resolved
maryam-saeidi
changed the title
kibanamachine
added
v8.16.0
backport:skip
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #190995
Summary
This PR adds grouping functionality to the alerts page alert table based on @umbopepato's implementation in this draft PR (basically, he implemented the feature and I adjusted a bit for our use case :D).
For now, we only added the rule and source as default grouping, and I will create a ticket to add tags as well. The challenge with tags is that since it is an array, the value of the alert is joined by a comma as the group, which does not match with what we want for tags.
Here is how we show the rules that don't have a group by field selected for them: (We used "ungrouped" similar to what we have in SLOs)