Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Alerting] Provide services to set context for recovered alerts #122988

Closed
ymao1 opened this issue Jan 13, 2022 · 1 comment · Fixed by #124972
Closed

[Alerting] Provide services to set context for recovered alerts #122988

ymao1 opened this issue Jan 13, 2022 · 1 comment · Fixed by #124972
Assignees
@ymao1
Labels
Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@ymao1
Copy link
Contributor

ymao1 commented Jan 13, 2022

POC here: https://github.com/elastic/kibana/pull/119080/files

As a framework, we want to provide rule executors the ability to specify context variables for recovered alerts. Typically, recovered alerts are determined by the framework and provide no context. We've seen an uptick of user requests wanting context information in their recovery notifications and we want to enable rule executors to do this.

We will be providing two services to the executors:

  • getRecoveredAlertIds - Provides executors with a list of alert IDs for which the framework will schedule recovery actions.
  • setRecoveryContext - Allows executors to specify recovery context for a specified alert id.

Ideally, we would like to rule type executors to make use of these service functions after they are done creating alerts and scheduling actions for these alerts. Although we cannot strictly enforce this at a framework level, we can strongly suggest this code flow by adding a .done() function to the existing alertInstanceFactory service. Only when this .done() function is called will the recovery service functions be available for use. For implementation details, consult the POC.

Finally, in order to try to reduce confusion in the UI before all rule types have had a chance to implement specifying recovery context, we want to add a flag to the rule type during registration where the rule type author can opt-in to defining recovery context. Opting in will allow them access to the proposed new service functions and opting in will surface the context variables in the list of action variables for the Recovered action group for this rule type. For implementation details, consult the POC.

Note: When implementing, we might want to consider making the calls for scheduling actions for active alerts and setting context for recovered alerts more consistent. A suggestion that has been floated is to change scheduleActions into two steps:
alert.scheduleAction().setContext() and have the recovery service act like alert.setContext(). Not a hard requirement, just something to consider.
@ymao1 ymao1 added Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework labels Jan 13, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@ymao1 ymao1 mentioned this issue Jan 13, 2022
Closed
3 tasks
@ymao1 ymao1 self-assigned this Jan 27, 2022
@ymao1 ymao1 moved this from Todo to In Progress in AppEx: ResponseOps - Execution & Connectors Jan 27, 2022
@kobelb kobelb removed the Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) label Jan 31, 2022
@botelastic botelastic bot added the needs-team Issues missing a team label label Jan 31, 2022
@kobelb kobelb added the Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) label Jan 31, 2022
@botelastic botelastic bot removed the needs-team Issues missing a team label label Jan 31, 2022
@kobelb kobelb added the needs-team Issues missing a team label label Jan 31, 2022
@botelastic botelastic bot removed the needs-team Issues missing a team label label Jan 31, 2022
@ymao1 ymao1 mentioned this issue Feb 2, 2022
Merged
@ymao1 ymao1 mentioned this issue Feb 10, 2022
Merged
2 tasks
@ymao1 ymao1 moved this from In Progress to In Review in AppEx: ResponseOps - Execution & Connectors Feb 10, 2022
Repository owner moved this from In Review to Done in AppEx: ResponseOps - Execution & Connectors Feb 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ymao1 ymao1

Labels
Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)
Projects
No open projects
AppEx: ResponseOps - Execution & Connectors
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Alerting] Provide services to set context for recovered alerts ymao1/kibana
3 participants
@kobelb @ymao1 @elasticmachine