
[alerts] expose API to generate alert instance summary from event log documents #88908

Closed
pmuellr opened this issue Jan 20, 2021 · 5 comments
Labels
Feature:Alerting research Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@pmuellr
Member

pmuellr commented Jan 20, 2021

It's not clear that this will be needed, but thought I'd create an issue to outline how it might work, if it is.

For the "Alert Details" page, we generate the list of instances and data from them, via this function, which is not currently exposed as an API:

```ts
// SanitizedAlert, IEvent and AlertInstanceSummary are the alerting / event_log plugin types.
export interface AlertInstanceSummaryFromEventLogParams {
  alert: SanitizedAlert<{ bar: boolean }>;
  events: IEvent[];
  dateStart: string;
  dateEnd: string;
}

export function alertInstanceSummaryFromEventLog(
  params: AlertInstanceSummaryFromEventLogParams
): AlertInstanceSummary {
  // ... body omitted in the issue
}
```

As we are getting more consumers of the event log coming online, this function - or similar ones, or perhaps this one with more parameters/capabilities - could be useful if we only end up providing a way to get ALL the event log docs (e.g., if we don't support a richer search mechanism). Otherwise, those consumers will be forced to implement similar logic in their own plugins.

We'd need to clean this up a bit to turn it into an API, and presumably if we did this, we'd also change it to support events from multiple alerts, and not just a single alert. And presumably, it would be a function on the alertsClient.

@pmuellr pmuellr added Feature:Alerting Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) labels Jan 20, 2021
@elasticmachine
Contributor

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

@mikecote
Contributor

@YulNaumenko, you mentioned this is necessary to allow listing active instances across different alerts?

@YulNaumenko
Contributor

It would be nice to have an option to select only active instances here, so probably this API should include the filtering. Maybe implementing this issue could solve the problem.

@YulNaumenko
Contributor

In addition, we definitely want to have support for a multiple-alert instance summary, something like:

```ts
export interface AlertInstanceSummaryFromEventLogParams {
  alerts: SanitizedAlert<{ bar: boolean }>[];
  events: IEvent[];
  dateStart: string;
  dateEnd: string;
}
```

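As an added illustration of what the single-alert function above and the multi-alert variant in this comment would have to do (example code, not Kibana's or this issue's own implementation): group event log documents by alert and instance inside the `dateStart`/`dateEnd` window, let the latest event per instance decide its status, and optionally keep only active instances, which is the filtering asked for earlier in the thread. The `EventDoc` and `AlertRef` shapes, the action names `new-instance` / `active-instance` / `recovered-instance`, the `activeOnly` parameter and the sample events are all assumptions for the example, not the real `IEvent` / `SanitizedAlert` types or the event log's schema.

```typescript
// Added example; the types and action names below are assumed stand-ins for the
// real alerting / event_log types and are not taken from the Kibana code base.
type InstanceAction = 'new-instance' | 'active-instance' | 'recovered-instance';

interface EventDoc {
  timestamp: string; // ISO 8601
  alertId: string;
  instanceId: string;
  action: InstanceAction;
  actionGroup?: string;
}

interface AlertRef {
  id: string;
  name: string;
}

interface InstanceSummary {
  status: 'Active' | 'OK';
  actionGroupId?: string;
  activeStartDate?: string;
  lastEventDate: string;
}

export interface AlertSummary {
  alertId: string;
  name: string;
  instances: Record<string, InstanceSummary>;
}

interface MultiAlertSummaryParams {
  alerts: AlertRef[];
  events: EventDoc[];
  dateStart: string;
  dateEnd: string;
  activeOnly?: boolean; // assumed filter: drop instances that are not Active
}

export function alertInstanceSummariesFromEventLog(params: MultiAlertSummaryParams): AlertSummary[] {
  const { alerts, events, dateStart, dateEnd, activeOnly = false } = params;
  const start = Date.parse(dateStart);
  const end = Date.parse(dateEnd);
  if (Number.isNaN(start) || Number.isNaN(end) || start > end) {
    throw new Error('invalid dateStart/dateEnd window');
  }

  // One summary per requested alert; events for unknown alert ids are ignored.
  const byAlert = new Map<string, AlertSummary>();
  for (const a of alerts) byAlert.set(a.id, { alertId: a.id, name: a.name, instances: {} });

  // Keep only events inside the window, then process chronologically so the
  // last event for each instance determines its final state.
  const inWindow = events
    .filter((e) => {
      const t = Date.parse(e.timestamp);
      return !Number.isNaN(t) && t >= start && t <= end && byAlert.has(e.alertId);
    })
    .sort((a, b) => Date.parse(a.timestamp) - Date.parse(b.timestamp));

  for (const e of inWindow) {
    const summary = byAlert.get(e.alertId)!;
    const prev = summary.instances[e.instanceId];
    switch (e.action) {
      case 'new-instance':
        summary.instances[e.instanceId] = {
          status: 'Active', actionGroupId: e.actionGroup, activeStartDate: e.timestamp, lastEventDate: e.timestamp,
        };
        break;
      case 'active-instance':
        summary.instances[e.instanceId] = {
          status: 'Active',
          actionGroupId: e.actionGroup,
          // keep the start date from the earlier new-instance event if we saw one
          activeStartDate: prev && prev.status === 'Active' ? prev.activeStartDate ?? e.timestamp : e.timestamp,
          lastEventDate: e.timestamp,
        };
        break;
      case 'recovered-instance':
        summary.instances[e.instanceId] = { status: 'OK', lastEventDate: e.timestamp };
        break;
    }
  }

  if (activeOnly) {
    for (const s of byAlert.values()) {
      for (const [id, inst] of Object.entries(s.instances)) {
        if (inst.status !== 'Active') delete s.instances[id];
      }
    }
  }
  return [...byAlert.values()];
}

// Constructed sample input (not real event log documents).
export const SAMPLE_ALERTS: AlertRef[] = [{ id: 'alert-1', name: 'cpu' }, { id: 'alert-2', name: 'disk' }];
export const SAMPLE_EVENTS: EventDoc[] = [
  { timestamp: '2021-01-20T10:00:00Z', alertId: 'alert-1', instanceId: 'host-a', action: 'new-instance', actionGroup: 'default' },
  { timestamp: '2021-01-20T10:05:00Z', alertId: 'alert-1', instanceId: 'host-a', action: 'active-instance', actionGroup: 'default' },
  { timestamp: '2021-01-20T10:05:00Z', alertId: 'alert-1', instanceId: 'host-b', action: 'new-instance', actionGroup: 'default' },
  { timestamp: '2021-01-20T10:10:00Z', alertId: 'alert-1', instanceId: 'host-b', action: 'recovered-instance' },
  { timestamp: '2021-01-20T10:10:00Z', alertId: 'alert-2', instanceId: 'vol-1', action: 'new-instance', actionGroup: 'warning' },
  { timestamp: '2021-01-21T00:00:00Z', alertId: 'alert-2', instanceId: 'vol-2', action: 'new-instance' }, // outside the window
  { timestamp: '2021-01-20T10:00:00Z', alertId: 'alert-9', instanceId: 'x', action: 'new-instance' }, // alert not requested
];

export function demo(activeOnly: boolean): AlertSummary[] {
  return alertInstanceSummariesFromEventLog({
    alerts: SAMPLE_ALERTS,
    events: SAMPLE_EVENTS,
    dateStart: '2021-01-20T00:00:00Z',
    dateEnd: '2021-01-20T23:59:59Z',
    activeOnly,
  });
}
```

With the sample data, `demo(false)` reports `host-a` as Active (start 10:00, last event 10:05), `host-b` as OK after its recovery, and `vol-1` as Active under the `warning` action group; `vol-2` and the `alert-9` event are dropped by the window and alert-id checks. `demo(true)` keeps only the two Active instances, which is the cross-alert "active instances" listing discussed in the thread.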
@pmuellr
Member Author

pmuellr commented Jan 27, 2021

Closed, as this is more or less just a thought, and more relevant to issue: #70169 - moved the body of the summary to a new comment in that issue.

@pmuellr pmuellr closed this as completed Jan 27, 2021
@kobelb kobelb added the needs-team Issues missing a team label label Jan 31, 2022
@botelastic botelastic bot removed the needs-team Issues missing a team label label Jan 31, 2022