Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Actionable Observability] Add infrastructure fields to search schema for alerts table #141893

Closed
Tracked by #134886
formgeist opened this issue Sep 27, 2022 · 5 comments
Closed
Tracked by #134886

[Actionable Observability] Add infrastructure fields to search schema for alerts table #141893

formgeist opened this issue Sep 27, 2022 · 5 comments
Assignees
@benakansara
Labels
enhancement New value added to drive a business result Team: Actionable Observability - DEPRECATED For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge" v8.6.0

Comments

@formgeist
Copy link
Contributor

Summary

When I want to filter down the alerts list by e.g. service.name, that's entirely possible today. But if I try and do the same for host.hostname, then I get an error. It appears that the fields for rules are not added to the KQL search schema in the alerts table to support filtering the alerts table by e.g. conditions in the rules.

CleanShot 2022-09-27 at 08 57 51@2x

CleanShot 2022-09-27 at 08 58 48@2x

CleanShot 2022-09-27 at 08 59 27@2x

CleanShot 2022-09-27 at 08 59 53@2x
@formgeist formgeist added enhancement New value added to drive a business result Team: Actionable Observability - DEPRECATED For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge" labels Sep 27, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/actionable-observability (Team: Actionable Observability)

@maryam-saeidi maryam-saeidi mentioned this issue Sep 27, 2022
Closed
14 tasks
@maryam-saeidi
Copy link
Member

Update:
It seems the issue is not about missing some fields in the query section but rather not having that information in our data. Currently, we are working on enriching the data, so after that work is done, we should have these fields as well.
Here the related work can be tracked: https://github.com/elastic/actionable-observability/issues/7

@benakansara benakansara mentioned this issue Oct 11, 2022
Merged
2 tasks
@benakansara benakansara self-assigned this Oct 11, 2022
@benakansara
Copy link
Contributor

@formgeist I am working on PR #140598 that will make Infrastructure ECS fields available to search in Alerts table.

@formgeist
Copy link
Contributor Author

@benakansara Thanks for the update 👍

@benakansara
Copy link
Contributor

Closed by #140598

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@benakansara benakansara

Labels
enhancement New value added to drive a business result Team: Actionable Observability - DEPRECATED For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge" v8.6.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@formgeist @maryam-saeidi @elasticmachine @benakansara