Maintenance window scoped query sometimes doesn't work #172950
Labels
bug
Fixes for quality problems that affect the customer experience
Feature:Alerting/RulesManagement
Issues related to the Rules Management UX
needs-team
Issues missing a team label
Comments
kobelb
added
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
While experimenting with the new maintenance window scoped queries, I've seen them not work a few times for suppressing the actions. It's also worked a few times as well, so I think the order of operations may matter.
The first time I saw it not working, I created a maintenance window w/ scoped query, and then created a SLO and a SLO Burn Rate alerting rule. Once I had the SLO Burn Rate rule creating alerts and triggering actions, I noticed that the maintenance window's scoped query was wrong and it wasn't suppressing any alerts. I went back to the maintenance window UI, updated the scoped query to be correct, saved the maintenance window, and continued to see actions triggered for all alerts.
The second time I saw it not working, I created a metric threshold alerting rule with the "group by" option. Once it was creating alerts and triggering actions, I then went and created a maintenance window w/ scoped query that was for
kibana.alert.instance.id: "foo-1". After the maintenance window was created, it had no effect and I continued to see actions triggered for the alerts with this field set to this value.Steps to reproduce:
The following is a recreation for the second time I saw this misbehaving.
1. Create some metrics
Use DevTools to create docs similar to the following, you'll need to update the
@timestampto make them more recent.2. Create metric threshold alerting rule w/ index document action
3. Create Maintenance Window
Expected behavior:
The
notificationsindex should not have documents with "service: foo-1" any longer being created.The text was updated successfully, but these errors were encountered: