-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cloud context in kibana alerting #101018
Comments
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
Relates to #67660 for providing the cloud plugin such capability. |
This should be available in any cloud Kibana, as it's in the kibana.yml, but we don't have any "cloud specific" variables at the moment, so we need to verify this works correctly. Also worth noting - this will not work if a customer has a mixed environment (cloud + on-prem), which even though we discourage, isn't officially prohibited. In such a situation actions would result in different output depending on the Kibana running them. |
Are these related or actually identical? 🤔 |
In theory, #67660 would be for the alerting team, and this issue would be for the cloud team if we decide to go such an approach. |
There's an important distinction to be made on the "deployment Id" and "region" field - just wanted to explicitly call that out @gmmorris |
Thanks @Kushmaro , I don't know much about how these things are configured.... would this be specific to the monitoring deployment or the rule? |
ding ding ding :) yep, that's exactly how it works. Hope this makes sense, if not, I'd be happy to jump on a zoom. |
We recommend users to send their observability (logs and metrics) data to a separate monitoring cluster. In “production environments” most users will consolidate many production clusters observability data to a single monitoring cluster. Stack monitoring recommends and supports this scenario. Having said that there are times when users still enable self monitoring (because of cost, simplicity or other reasons) wherein production and monitoring cluster is the same. I think it would be ideal to have the cloud context available for both (production and monitoring) deployments so users can add in the Action messages or be able to use it in other ways (reporting etc). The reason I say we need both is because depending upon the type of alert the first inclination for the users (or internal teams) maybe to verify the monitoring data of the related entities before jumping on the actual production cluster/cloud console to start making any changes. |
I'm sure this is something missing in my knowledge, but I don't understand how the Alerting framework could possibly do this automatically, given the framework isn't querying anything. I suggest @arisonl, @ravikesarwani and @Kushmaro have a chat and figure out how these pieces are meant to fit together from a product perspective, because I get the feeling there's a piece missing in the middle between the framework part and the Cloud part of this ER. 🤔 |
I'm going to close this issue. We think it will be best to start adding these variables in the rule type (as context variables) first. Rule types will be aware of the "production deployment" as the framework isn't aware. |
When kibana is in cloud, it would be highly beneficial to have some cloud context available for the alert actions (like the ones available for the alert itself)
Using "production deployment" (for deployment being monitored)
Using "monitoring deployment" (for deployment doing the monitoring)
Most notably:
Production Cloud Deployment name(already available as "context.clusterName")Additional nice-to-haves:
The text was updated successfully, but these errors were encountered: