[ES Query] Make ES Query rule created in Discover visible in Observability #170497
Comments
maryam-saeidi
added
Team:ResponseOps
|
Pinging @elastic/actionable-observability (Team: Actionable Observability) |
|
Pinging @elastic/response-ops (Team:ResponseOps) |
github-project-automation
bot
moved this to Awaiting Triage
in AppEx: ResponseOps - Rules & Alerts Management
paulb-elastic
added
the
Team:obs-ux-management
|
Pinging @elastic/obs-ux-management-team (Team:obs-ux-management) |
paulb-elastic
removed
the
Team: Actionable Observability - DEPRECATED
XavierM
moved this from Awaiting Triage
to Up for grabs
in AppEx: ResponseOps - Rules & Alerts Management
Zacqary
moved this from Up for grabs
to In Progress
in AppEx: ResponseOps - Rules & Alerts Management
Enabling the scope dropdown in Discover reveals three authorized consumers, not just two. Is this desired? |
|
@vinaychandrasekhar @roshan-elastic What do you think about the above question? Personally, I think it is fine. @Zacqary Is the logs option the default choice? |
|
Still trying to figure out how to properly set a default choice. Currently the role visibility drops down if the alert form gets passed a consumer of So it's going to take some refactoring, but yes, I will make sure Logs is the default |
|
Figured out how to remove Stack Rules from the authorized consumer list. |
|
Having trouble figuring out how to resolve some tests that are failing on permissions errors Current tests for creating an ES Query rule in Discover only require the Need input from @maryam-saeidi but also @elastic/kibana-data-discovery |
To clarify, does this mean Observability now owns the Elasticsearch Query rule, and it's no longer a stack alert? I still see it listed in the bottom category when I try to create an alert from Stack Management, so I assumed it was still a stack alert, but if it's exclusively an O11y alert now then that changes things |
@Zacqary I'm not very familiar with this project or the consumers concept, but it would be a surprise to us on the Discover side if this functionality was removed from Discover since we weren't aware if this was something being considered. My guess is we'd want to keep the "Stack Rules" consumer in the dropdown if it's required for the existing experience to continue working. Since Discover isn't logs or O11y specific (and I don't think the ES query rule is either), would it instead make sense to keep all options in the dropdown and leave it blank by default, similar to what's done in |
@Zacqary It is available in the stack as well as observability, so we can create this rule from both places.
@davismcphee What do you think about the above-mentioned option? This request was originally related to not being able to see the ES Query rule in observability, and I assume in a lot of scenarios, users want to be able to see the rule both in observability and stack management (which is possible when you select the logs as the default option) The reason that I suggest having a default value for this field is to make it easier for our users without needing to know what role visibility is (considering this is a required field), and at the same time, if the second default is |
Thanks for looping me in here @maryam-saeidi...I don't have a great deal to offer on this one at the moment - I think @vinaychandrasekhar will be better informed to comment here. |
|
I don't have enough context here. For example, how does this ticket relate to bringing Discover / Logs Explorer into Observability (in Serverless for now, and in self-managed in future)? Would be better to discuss live. |
|
@maryam-saeidi Thanks for the context! Personally I don't seen an issue with what you're proposing, although it may be a questioned better answered by PMs tbh. I discussed it briefly wth the other engineers on my team last week, and the only concern raised was that it may surprise some users to find the rules they created from Discover in O11y if they were used to the old behaviour, but this is probably a minor concern overall. We have a team sync tomorrow with our PM, so I've added this to the agenda and will follow up afterward. |
My understanding currently is this is not related. |
|
@davismcphee Thanks for the info, so, the only question is whether to have |
XavierM
moved this from In Progress
to In Review
in AppEx: ResponseOps - Rules & Alerts Management
|
@maryam-saeidi Apologies for the delay, I'm on SDH duty this week and it's a busy one 🙂 We discussed this as a team and agreed it should be fine to set the default value to |
github-project-automation
bot
moved this from In Review
to Done
in AppEx: ResponseOps - Rules & Alerts Management
…71364) ## Summary Closes #170497 <img width="483" alt="Screenshot 2023-11-16 at 1 25 18 PM" src="https://github.com/elastic/kibana/assets/1445834/4d974eab-9641-4618-b52a-2facf4c07667"> Adds scope dropdown to ES Query rules created from Discovery. If Logs or Metrics are selected, rules created here will be visible in Observability. Also makes `Logs` the default consumer when creating a rule from either Discovery and Observability. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <[email protected]>
📝 Summary
When a user creates an ES query rule from the Discover view, this rule will not be visible in Observability. (Slack discussion)
We already brought this rule in Observability in this epic. We only need to set the consumer to one of the observability privileges, such as
LogsorMetrics.To solve this issue, we need to:
Logsas the default value.The benefit of setting it is to improve user experience. This field is required, and if the user hits the save button without scrolling to set this field, nothing happens.
✅ Acceptance Criteria
The text was updated successfully, but these errors were encountered: