Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Alerting and action services #24214

Closed
14 of 19 tasks
njd5475 opened this issue Oct 18, 2018 · 4 comments
Closed
14 of 19 tasks

Alerting and action services #24214

njd5475 opened this issue Oct 18, 2018 · 4 comments
Labels
Feature:Alerting Meta NeededFor:SIEM Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@njd5475
Copy link
Contributor

njd5475 commented Oct 18, 2018

Description

Across use cases there is no “one-size-fits-all” alerting feature. Logs, SIEM, APM, Uptime, Infrastructure, Monitoring, Maps, Machine Learning, Kibana Dashboards... alerts are relevant to all of these use cases, yet each one has unique needs for detecting conditions, expressing them, and showing them in context. Effective alerting and monitoring requires deep integration with a product.

To accommodate the different ways of detecting and taking action, Kibana will include a layered system of services where apps and features can integrate at the appropriate levels:

image

  • Alert Base provides low level services for high scheduling and task management, audit logging/history, registering alerting primitives like types of alerts and types of action, and security.

  • The Alert Lib layer allows for new types of “actions” and “alerts” to be easily defined and registered in Kibana. Default Kibana action types will include: email, slack, pagerduty, log, index, and webhook. Alert types will be defined by specific use cases (e.g. Monitoring, Uptime, SIEM define specific types tailored to that use case) but Kibana will also include general user-defined alert types, such as creating alert from an elasticsearch query or canvas expression.

  • The Alert API layer includes: CRUD APIs for alerts; APIs for filtering and finding specific alerts; APIs for controlling behavior such as muting, throttling, and enable/disable.

  • Alert UI includes centralized views for seeing alerts in context and managing them across use cases. as well as tools for correlating and making sense of alert history.

Project: https://github.com/elastic/kibana/projects/26

Phases

Phase 1

The first phase lays the foundation, focusing on scalable task management and scheduling, contracts for alerts and actions, and defining the main APIs

Phase 2

The second phase will allow use cases to integrate with the alerting system. This includes UI in Kibana to enable management and understanding of alerts across use-cases, and full featured alerting behavior

Phase 3

  • User defined alerts in Kibana ( for example expression style alerts)
  • Snoozing alerts
  • Import/Export of alerts and actions
@njd5475 njd5475 added Feature:Alerting Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc enhancement New value added to drive a business result labels Oct 18, 2018
@clintongormley clintongormley changed the title Altering Service Alerting Service Oct 31, 2018
@epixa epixa added the Meta label Nov 5, 2018
@roncohen
Copy link
Contributor

roncohen commented Feb 26, 2019

Is the "actions" and "alerting" services API described here up to date? cc @clintongormley

@njd5475
Copy link
Contributor Author

njd5475 commented Mar 13, 2019

Is the "actions" and "alerting" services API described here up to date? cc @clintongormley

The design parts here are outdated. There is a more formal proposal for just the Actions Service api RFC 0000 and hopefully be one for the Alerts Service to make it easier to track changes and elicit feedback as it has been difficult to keep this up to date.

@mikecote mikecote added Team:Stack Services and removed Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc enhancement New value added to drive a business result labels Jun 24, 2019
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-stack-services

@mikecote mikecote changed the title Alerting Service Alerting and action services Jun 24, 2019
@bmcconaghy bmcconaghy added Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) and removed Team:Stack Services labels Dec 12, 2019
@ymao1
Copy link
Contributor

ymao1 commented Mar 18, 2021

Closing in favor of Alerting Project Board

@ymao1 ymao1 closed this as completed Mar 18, 2021
@kobelb kobelb added the needs-team Issues missing a team label label Jan 31, 2022
@botelastic botelastic bot removed the needs-team Issues missing a team label label Jan 31, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Feature:Alerting Meta NeededFor:SIEM Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)
Projects
None yet
Development

No branches or pull requests

9 participants