[ResponseOps] Error trying to update a rule created in 7.17 in 8.x #208826

Open
doakalexi opened this issue Jan 29, 2025 · 1 comment
Labels
bug Fixes for quality problems that affect the customer experience Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

doakalexi commented Jan 29, 2025

I am not sure if this is a bug, but it seems unexpected. I created an ES query rule in 7.17 and upgraded from 7.17 -> 8.15 -> 8.x. I tried to edit "is above" in the rule from 1000 to 0, and I got the following error.

Image

Here is the request when I click show request in the rule form:

PUT kbn:/api/alerting/rule/a0747ea0-de6f-11ef-b1e2-35d05b76fe70
{
  "name": "es query",
  "tags": [],
  "schedule": {
    "interval": "1m"
  },
  "params": {
    "esQuery": "{\n  \"query\":{\n    \"match_all\" : {}\n  }\n}",
    "size": 100,
    "timeWindowSize": 5,
    "timeWindowUnit": "d",
    "threshold": [
      0
    ],
    "thresholdComparator": ">",
    "index": [
      "kibana_sample_data_logs"
    ],
    "timeField": "@timestamp",
    "searchType": "esQuery",
    "aggType": "count",
    "groupBy": "all",
    "termSize": 5,
    "excludeHitsFromPreviousRun": false,
    "sourceFields": []
  },
  "actions": [
    {
      "group": "query matched",
      "id": "9aef87e0-de6f-11ef-b1e2-35d05b76fe70",
      "params": {
        "level": "info",
        "message": "Elasticsearch query alert '{{alertName}}' is active:\n\n- Value: {{context.value}}\n- Conditions Met: {{context.conditions}} over {{params.timeWindowSize}}{{params.timeWindowUnit}}\n- Timestamp: {{context.date}}"
      },
      "uuid": "705e5ba7-8a53-4498-8064-fbc1f9a26f3f"
    }
  ],
  "alert_delay": {
    "active": 1
  }
}
@doakalexi doakalexi added bug Fixes for quality problems that affect the customer experience Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) labels Jan 29, 2025
@elasticmachine

Pinging @elastic/response-ops (Team:ResponseOps)
