Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Observability] Metric Threshold Rule Should Allow Specifying Indices #168004

Open
MakoWish opened this issue Oct 4, 2023 · 2 comments
Open

[Observability] Metric Threshold Rule Should Allow Specifying Indices #168004

MakoWish opened this issue Oct 4, 2023 · 2 comments
Labels
enhancement New value added to drive a business result Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@MakoWish
Copy link

MakoWish commented Oct 4, 2023

Describe the feature:

Allow specifying indices in the Metric Threshold rules.

Describe a specific use case for the feature:

Currently, the Metric Threshold rule does not allow specifying which indices should be queried. This seems like a waste of resources querying dozens (or potentially even hundreds?) of metrics-* indices when we may only be interested in, for example, metrics-system.cpu-* for a CPU threshold rule. This also seems counterintuitive to the entire "Namespaces" idea with Data Streams. For instance, if our Application Development team's servers (they have their own space) are writing to metrics-system.<dataset>-appdev, and our Facilities team's servers (they also have their own space) are writing to metrics-system.<dataset>-facilities, we should be able to specify on their Metrics Threshold rules to only search their namespaces. Anything else is again a waste of resources.
@botelastic botelastic bot added the needs-team Issues missing a team label label Oct 4, 2023
@consulthys
Copy link
Contributor

Beautiful idea! In the meantime, you can add a filter to the rule, e.g., data_stream.dataset: "system.cpu", in order for the rule to focus only on the relevant data streams... Since data_stream.dataset is a constant_keyword, the filtering should be pretty efficient even if you have several hundreds of metrics-* data stream.

@jsanz jsanz added enhancement New value added to drive a business result Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) labels Oct 13, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Oct 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New value added to drive a business result Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jsanz @consulthys @elasticmachine @MakoWish