-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open/Closed filter for observability alerts page #99217
Conversation
What's the best default here? My instinct says "Active", which maybe makes it better to do |
@@ -47,3 +47,41 @@ HTML coverage report can be found in target/coverage/jest after tests have run. | |||
```bash | |||
open target/coverage/jest/index.html |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding this! 👏
|
||
export type Maybe<T> = T | null | undefined; | ||
|
||
export const alertStatusRt = t.union([t.literal('all'), t.literal('open'), t.literal('closed')]); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This isn't really in scope of this ticket directly, but I'm nervous that we're still using "open" and "closed" to mean "active" and "recovered" because they feel like very different concepts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The only place "active" and "recovered" is used is on the control itself. kibana.rac.alert.status
can be "open" or "closed". They aren't different in the context of observability alerts. @katrin-freihofner do you think we should change the text in the toggle control to be "open"/"closed"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we want to keep active and recovered as the language here (imo), but that the concepts are different in the underlying data so we'll eventually not want them linked. We've talked about it in 3 or 4 places but these things are hard to keep track of. But there will eventually be a difference between workflow status and active/recovered, since one is controlled by humans and the other is controlled by data + conditions of the rule.
Does the alert schema not have any other status fields?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is still accurate: https://github.com/elastic/kibana/tree/master/x-pack/plugins/rule_registry#schema
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh thanks. I think we may need to use alerts that have this value set:
kibana.rac.alert.end: the ISO timestamp of the time at which the alert recovered.
I just now realized we probably want a way to have the investigation window (date range) apply to recovery date and not just start date ... but that's for later :P
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's leave it for now and address it as it comes up, but it will be important not to forget because I'm not 100% sure we will set that status to closed on resolution ... or if the semantics of when it gets set to closed / open could change and be surprising to us later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM on behalf of Security Solution -- thanks @smith! 🙂
@jasonrhodes updated with your recommendation on the defaults and order in 3b17d0d. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@smith how many alerts does the table show by default? I'm asking because if it does not have any performance implications, I think we should show 50+ to make it easy for our users to go through them.
@katrin-freihofner We're not doing anything about pagination until we add TGrid. Right now the response returns up to results with no pagination and you can give it a |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
History
To update your PR or re-run it, just comment with: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
APM changes LGTM
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
Co-authored-by: Nathan L Smith <[email protected]>
…deprecation-ilm-policy * 'master' of github.com:elastic/kibana: (101 commits) [ftr] migrate "docTable" service to FtrService class (elastic#100595) [ftr] migrate "listingTable" service to FtrService class (elastic#100606) Fixed comparing real value with formatted according to mode. (elastic#100456) [ftr] migrate "dataGrid" service to FtrService class (elastic#100593) [ftr] migrate "fieldEditor" to FtrService class (elastic#100597) [ftr] migrate "filterBar" service to FtrService class (elastic#100601) [triggersActionsUi] Reduce page load bundle to under 100kB (elastic#97770) [build] Clean jest configs (elastic#100594) refact(NA): remove extra pkg_npm target and add specific target folders for @kbn/analytics on Bazel (elastic#100569) Update dependency @elastic/charts to v29.2.0 (elastic#100587) [Maps] convert LayerPanel to typescript (elastic#100481) [Upgrade Assistant] Address copy feedback (elastic#99632) Open/Closed filter for observability alerts page (elastic#99217) One liner to expose the EQL query for debugging for users (elastic#100565) [KibanaPageLayout] Solution Nav specific styles & props (elastic#100089) [ftr] implement FtrService classes and migrate common services (elastic#99546) [XY] [Lens] Adds opacity slider (elastic#100453) [Reporting] ILM policy for managing reporting indices (elastic#100130) [Reporting] ILM policy for managing reporting indices (elastic#100130) [DOCS] Remove redundant maps attribute (elastic#100426) ... # Conflicts: # x-pack/plugins/reporting/server/lib/store/report_ilm_policy.ts # x-pack/plugins/reporting/server/lib/store/store.test.ts # x-pack/plugins/reporting/server/lib/store/store.ts
Allow filtering open/closed/all on the alerts page.
As discussed on Slack with @katrin-freihofner, @cyrille-leclerc, and @jasonrhodes, we're changing the labels from "active"/"recovered" to "open"/"closed" to match their actual status at this time.
Fixes #98609.