[Investigation app] add entities route and investigation Contextual Insight #194432
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dominiqueclarke
added
release_note:skip
|
Pinging @elastic/obs-ux-management-team (Team:obs-ux-management) |
botelastic
bot
added
the
ci:project-deploy-observability
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
| ): Promise<{ responses: Array<InferSearchResponseOf<TDocument, TSearchRequest>> }>; | ||
| } | ||
|
|
||
| export function createEntitiesESClient({ |
There was a problem hiding this comment.
There was a problem hiding this comment.
This is a client specifically for searching through entities indices, but I should be using the observability es client as a dependency. Will update when I can.
dominiqueclarke
commented
Sep 30, 2024
| .map((params) => { | ||
| const searchParams: [MsearchMultisearchHeader, MsearchMultisearchBody] = [ | ||
| { | ||
| index: [SERVICE_ENTITIES_LATEST_ALIAS], |
There was a problem hiding this comment.
This is copypasta. I'd like to remove the reference to the service alias in particular.
dominiqueclarke
added
the
backport:prev-minor
dominiqueclarke
changed the title
…/investigation-entities
kdelemme
reviewed
Oct 2, 2024
| @@ -28,7 +28,7 @@ | |||
| "kibanaReact", | |||
| "kibanaUtils", | |||
| ], | |||
| "optionalPlugins": [], | |||
There was a problem hiding this comment.
It's already in the requiredPlugins
Comment on lines
88
to
90
| const alertOriginInvestigation = alertOriginSchema.safeParse(investigation?.origin); | ||
| const alertId = alertOriginInvestigation.success ? alertOriginInvestigation.data.id : undefined; | ||
| const { data: alert } = useFetchAlert({ id: alertId }); |
There was a problem hiding this comment.
🍰 nit: this logic is required every time we use useFetchAlert(), maybe we can refactor the hook to encapsulate this logic: the hook itself could use useInvestigation to retrieve the investigation, and we won't need to expose the originated alert in this context. I'm already worried about this context becoming bloated with too many things.
const { data: alert } = useFetchAlertOrigin()
dominiqueclarke
commented
Oct 2, 2024
x-pack/plugins/observability_solution/investigate_app/public/hooks/use_fetch_entities.ts
Outdated
Show resolved
Hide resolved
…ooks/use_fetch_entities.ts
kdelemme
approved these changes
Oct 2, 2024
Comment on lines
+37
to
+41
| {investigation?.id && ( | ||
| <EuiFlexItem grow={false}> | ||
| <AssistantHypothesis investigationId={investigation.id} /> | ||
| </EuiFlexItem> | ||
| )} |
There was a problem hiding this comment.
🍰 nit: use the context hook useInvestigation() directly from AssistantHypothesis:
Suggested change
| {investigation?.id && ( | |
| <EuiFlexItem grow={false}> | |
| <AssistantHypothesis investigationId={investigation.id} /> | |
| </EuiFlexItem> | |
| )} | |
| <EuiFlexItem grow={false}> | |
| <AssistantHypothesis /> | |
| </EuiFlexItem> |
There was a problem hiding this comment.
I actually had this originally, but it made it so that the investigation was sometimes undefined, and I hated having to handle that all the time. Would you prefer that trade off?
| }); | ||
| export const SERVICE_ENTITIES_HISTORY_ALIAS = entitiesAliasPattern({ | ||
| type: 'service', | ||
| dataset: ENTITY_HISTORY, |
There was a problem hiding this comment.
I thought EEM had removed the history?
There was a problem hiding this comment.
They did. I'll remove this for now.
| hostName, | ||
| entitiesEsClient, | ||
| }: { | ||
| context: InvestigateAppRequestHandlerContext; |
There was a problem hiding this comment.
If possible let's try to not leak route/request details into the services. Here we can replace the whole request handler context with the esClient, and do the wiring in the route handler.
| ); | ||
| } | ||
|
|
||
| const getEntitySource = async ({ index }: { index: IndicesIndexState }) => { |
Comment on lines
82
to
86
| return await Promise.all( | ||
| Object.values(indices).map(async (index) => { | ||
| return await getEntitySource({ index }); | ||
| }) | ||
| ); |
There was a problem hiding this comment.
do we need the promise all and await here?
| const sourceIndex = entity?.sourceIndex; | ||
| if (!sourceIndex) return null; | ||
|
|
||
| const indices = await esClient.indices.get({ index: sourceIndex }); |
There was a problem hiding this comment.
🍰 nit: might be probably too early to optimize, but this call is made in a double for-loop. Is there a way to call the esClient.indices.get for all sourceIndex at once?
dominiqueclarke
force-pushed
the
feature/investigation-entities
branch
from
34235a6 to
53655e5
Compare
jloleysens
approved these changes
Oct 3, 2024
The guide for setting up the connector can be found here https://github.com/elastic/kibana/blob/main/x-pack/plugins/observability_solution/observability_ai_assistant/README.md You'll also need to start your knowledge base. The easiest way to do that is, after setting up your connector, open the Assistant flyout via the Assistant button on the top right and click the start knowledge base button. |
…clarke/kibana into feature/investigation-entities
…clarke/kibana into feature/investigation-entities
dominiqueclarke
force-pushed
the
feature/investigation-entities
branch
from
b9de0ca to
f95017d
Compare
💚 Build Succeeded
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: |
|
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/11184673144 |
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
dominiqueclarke
added a commit
to dominiqueclarke/kibana
that referenced
this pull request
Oct 5, 2024
…nsight (elastic#194432) ## Summary Adds a route that can be used to fetch entities related to an investigation. The route fetches associated entities by service name, host name, or container id. It then identifies the associated indices and datastreams. The discovered entities are passed to the contextual insight to inform the LLM.  This PR represents the first step in developing an AI-informed hypothesis at the beginning of the investigation. Over time, further insights will be provided to the LLM to deepen it's investigative analysis and propose a more helpful root cause hypothesis. ### Testing 1. Create some APM data. I'm using the otel demo and triggering a failure via the flagd service. Since this is in flux, you can reach out to me about this workflow. However, you can also create APM data via `synth-trace`. 2. Create an custom threshold rule that you expect to trigger an alert. I created mine to using `http.response.status_code: 500 / http.response.status_code : *` and set a low threshold base on the amount of failures in my current test data. Be sure to also group the alert by `service.name` 3. Wait for the alert to fire, then visit the alert details page and start an investigation 4. notice the contextual insight. Expand it to see more information --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit e4bb435)
tiansivive
pushed a commit
to tiansivive/kibana
that referenced
this pull request
Oct 7, 2024
…nsight (elastic#194432) ## Summary Adds a route that can be used to fetch entities related to an investigation. The route fetches associated entities by service name, host name, or container id. It then identifies the associated indices and datastreams. The discovered entities are passed to the contextual insight to inform the LLM.  This PR represents the first step in developing an AI-informed hypothesis at the beginning of the investigation. Over time, further insights will be provided to the LLM to deepen it's investigative analysis and propose a more helpful root cause hypothesis. ### Testing 1. Create some APM data. I'm using the otel demo and triggering a failure via the flagd service. Since this is in flux, you can reach out to me about this workflow. However, you can also create APM data via `synth-trace`. 2. Create an custom threshold rule that you expect to trigger an alert. I created mine to using `http.response.status_code: 500 / http.response.status_code : *` and set a low threshold base on the amount of failures in my current test data. Be sure to also group the alert by `service.name` 3. Wait for the alert to fire, then visit the alert details page and start an investigation 4. notice the contextual insight. Expand it to see more information --------- Co-authored-by: kibanamachine <[email protected]>
dominiqueclarke
added a commit
that referenced
this pull request
Oct 7, 2024
…tual Insight (#194432) (#195158) # Backport This will backport the following commits from `main` to `8.x`: - [[Investigation app] add entities route and investigation Contextual Insight (#194432)](#194432) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Dominique Clarke","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-04T17:58:28Z","message":"[Investigation app] add entities route and investigation Contextual Insight (#194432)\n\n## Summary\r\n\r\nAdds a route that can be used to fetch entities related to an\r\ninvestigation.\r\n\r\nThe route fetches associated entities by service name, host name, or\r\ncontainer id. It then identifies the associated indices and datastreams.\r\n\r\nThe discovered entities are passed to the contextual insight to inform\r\nthe LLM.\r\n\r\n\r\n\r\n\r\nThis PR represents the first step in developing an AI-informed\r\nhypothesis at the beginning of the investigation. Over time, further\r\ninsights will be provided to the LLM to deepen it's investigative\r\nanalysis and propose a more helpful root cause hypothesis.\r\n\r\n### Testing\r\n\r\n1. Create some APM data. I'm using the otel demo and triggering a\r\nfailure via the flagd service. Since this is in flux, you can reach out\r\nto me about this workflow. However, you can also create APM data via\r\n`synth-trace`.\r\n2. Create an custom threshold rule that you expect to trigger an alert.\r\nI created mine to using `http.response.status_code: 500 /\r\nhttp.response.status_code : *` and set a low threshold base on the\r\namount of failures in my current test data. Be sure to also group the\r\nalert by `service.name`\r\n3. Wait for the alert to fire, then visit the alert details page and\r\nstart an investigation\r\n4. notice the contextual insight. Expand it to see more information\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"e4bb435b48560852b37e4de54fb9c05cf5a7f3b1","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:prev-minor","ci:project-deploy-observability","Team:obs-ux-management","v8.16.0"],"number":194432,"url":"https://github.com/elastic/kibana/pull/194432","mergeCommit":{"message":"[Investigation app] add entities route and investigation Contextual Insight (#194432)\n\n## Summary\r\n\r\nAdds a route that can be used to fetch entities related to an\r\ninvestigation.\r\n\r\nThe route fetches associated entities by service name, host name, or\r\ncontainer id. It then identifies the associated indices and datastreams.\r\n\r\nThe discovered entities are passed to the contextual insight to inform\r\nthe LLM.\r\n\r\n\r\n\r\n\r\nThis PR represents the first step in developing an AI-informed\r\nhypothesis at the beginning of the investigation. Over time, further\r\ninsights will be provided to the LLM to deepen it's investigative\r\nanalysis and propose a more helpful root cause hypothesis.\r\n\r\n### Testing\r\n\r\n1. Create some APM data. I'm using the otel demo and triggering a\r\nfailure via the flagd service. Since this is in flux, you can reach out\r\nto me about this workflow. However, you can also create APM data via\r\n`synth-trace`.\r\n2. Create an custom threshold rule that you expect to trigger an alert.\r\nI created mine to using `http.response.status_code: 500 /\r\nhttp.response.status_code : *` and set a low threshold base on the\r\namount of failures in my current test data. Be sure to also group the\r\nalert by `service.name`\r\n3. Wait for the alert to fire, then visit the alert details page and\r\nstart an investigation\r\n4. notice the contextual insight. Expand it to see more information\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"e4bb435b48560852b37e4de54fb9c05cf5a7f3b1"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/194432","number":194432,"mergeCommit":{"message":"[Investigation app] add entities route and investigation Contextual Insight (#194432)\n\n## Summary\r\n\r\nAdds a route that can be used to fetch entities related to an\r\ninvestigation.\r\n\r\nThe route fetches associated entities by service name, host name, or\r\ncontainer id. It then identifies the associated indices and datastreams.\r\n\r\nThe discovered entities are passed to the contextual insight to inform\r\nthe LLM.\r\n\r\n\r\n\r\n\r\nThis PR represents the first step in developing an AI-informed\r\nhypothesis at the beginning of the investigation. Over time, further\r\ninsights will be provided to the LLM to deepen it's investigative\r\nanalysis and propose a more helpful root cause hypothesis.\r\n\r\n### Testing\r\n\r\n1. Create some APM data. I'm using the otel demo and triggering a\r\nfailure via the flagd service. Since this is in flux, you can reach out\r\nto me about this workflow. However, you can also create APM data via\r\n`synth-trace`.\r\n2. Create an custom threshold rule that you expect to trigger an alert.\r\nI created mine to using `http.response.status_code: 500 /\r\nhttp.response.status_code : *` and set a low threshold base on the\r\namount of failures in my current test data. Be sure to also group the\r\nalert by `service.name`\r\n3. Wait for the alert to fire, then visit the alert details page and\r\nstart an investigation\r\n4. notice the contextual insight. Expand it to see more information\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"e4bb435b48560852b37e4de54fb9c05cf5a7f3b1"}},{"branch":"8.x","label":"v8.16.0","labelRegex":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Rickyanto Ang <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Adds a route that can be used to fetch entities related to an investigation.
The route fetches associated entities by service name, host name, or container id. It then identifies the associated indices and datastreams.
The discovered entities are passed to the contextual insight to inform the LLM.
This PR represents the first step in developing an AI-informed hypothesis at the beginning of the investigation. Over time, further insights will be provided to the LLM to deepen it's investigative analysis and propose a more helpful root cause hypothesis.
Testing
synth-trace.http.response.status_code: 500 / http.response.status_code : *and set a low threshold base on the amount of failures in my current test data. Be sure to also group the alert byservice.name