[Alerting] indexThreshold /_indices API returns 500 for CCS index pattern #59889
Labels: bug (Fixes for quality problems that affect the customer experience), Feature:Alerting, Team:ResponseOps (Label for the ResponseOps team, formerly the Cases and Alerting teams)
pmuellr added the Feature:Alerting and Team:ResponseOps labels on Mar 11, 2020
Pinging @elastic/kibana-alerting-services (Team:Alerting Services)
mikecote added the bug label on Mar 16, 2020
pmuellr added a commit to pmuellr/kibana that referenced this issue on Mar 20, 2020
resolves elastic#59889 The index threshold APIs - used by both the index threshold UI and the alert executor - were returning errors (500's from http endpoints) when getting errors from ES. These have been changed so that the error is logged as a warning, and the relevant API returns an "empty" result. Another 500 response was found while experimenting with this. Apparently the date_range agg requires a date format to be passed in if the date format in ES is not an ISO date. The repro on this was to select the `.security` alias (or its index) within the index threshold alert UI, and then select one of its date fields.
pmuellr added a commit that referenced this issue on Mar 20, 2020
resolves #59889 The index threshold APIs - used by both the index threshold UI and the alert executor - were returning errors (500's from http endpoints) when getting errors from ES. These have been changed so that the error is logged as a warning, and the relevant API returns an "empty" result. Another 500 response was found while experimenting with this. Apparently the date_range agg requires a date format to be passed in if the date format in ES is not an ISO date. The repro on this was to select the `.security` alias (or its index) within the index threshold alert UI, and then select one of its date fields.
pmuellr added a commit that referenced this issue on Mar 20, 2020
…60813) resolves #59889 The index threshold APIs - used by both the index threshold UI and the alert executor - were returning errors (500's from http endpoints) when getting errors from ES. These have been changed so that the error is logged as a warning, and the relevant API returns an "empty" result. Another 500 response was found while experimenting with this. Apparently the date_range agg requires a date format to be passed in if the date format in ES is not an ISO date. The repro on this was to select the `.security` alias (or its index) within the index threshold alert UI, and then select one of its date fields.
I tried creating an index threshold alert using the following text in the index field:
The idea was to try using CCS syntax, make sure nothing breaks. Here's some doc on CCS syntax: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-cross-cluster-search.html#ccs-search-multi-remote-cluster
The UI doesn't accept it, has the red "Index is required." below the field.
Looking in the APM, I can see the following request got made:
That endpoint made the following calls:
Presumably, the `_alias` call returned an empty array. The 403 response - we'll need to get more info; guessing it might be that those clusters aren't defined.