Alerting: alert does not trigger when using a group by clause #175045

Closed
endorama opened this issue Jan 17, 2024 · 6 comments
Labels
bug Fixes for quality problems that affect the customer experience Team:obs-ux-management Observability Management User Experience Team Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)


@endorama
Member

Kibana version: 8.11.3

Elasticsearch version:

Server OS version:

Browser version:

Browser OS version:

Original install method (e.g. download page, yum, from source, etc.):

Describe the bug:

I discovered that the alert does not trigger when a group by clause is set in its settings. My alert was configured to use a runtime field (which was not selectable by the UI). I also tried with another (non-runtime) field, selected through the UI, with the same result.
In both cases the alert did not fire when the condition was met.
Removing the group by clause made the alert trigger as expected.

Steps to reproduce:

  1. Create a Metric threshold alert
  2. Set the condition to a Custom Equation. This is the condition I had this issue with:
    screenshot displaying alert condition values
  3. Set the filter. This is the filter I used:
    screenshot displaying alert filter values
  4. Change the Group alerts by (optional) to a field value. Condition is set to be evaluated every 1 minute.
  5. Trigger the alert.

Expected behavior: The alert is fired per group as expected.

Screenshots (if relevant):

Errors in browser console (if relevant):

Provide logs and/or server output (if relevant):

Any additional context:
Thank you!

@endorama endorama added the bug Fixes for quality problems that affect the customer experience label Jan 17, 2024
@botelastic botelastic bot added the needs-team Issues missing a team label label Jan 17, 2024
@jughosta jughosta added the Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) label Jan 23, 2024
@elasticmachine
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Jan 23, 2024
@ymao1 ymao1 added the Team:obs-ux-infra_services Observability Infrastructure & Services User Experience Team label Jan 23, 2024
@elasticmachine
Contributor

Pinging @elastic/obs-ux-infra_services-team (Team:obs-ux-infra_services)

@smith smith added the Team:obs-ux-management Observability Management User Experience Team label Jan 23, 2024
@elasticmachine
Contributor

Pinging @elastic/obs-ux-management-team (Team:obs-ux-management)

@smith smith removed the Team:obs-ux-infra_services Observability Infrastructure & Services User Experience Team label Jan 23, 2024
@simianhacker
Member

Sorry for the noise on this issue, I mis-configured my settings under "Infra" and misread the preview chart.

It appears everything is working as expected:

image

Runtime fields are not supported by the Metric Threshold rule because we are not using traditional Kibana DataViews for the index pattern. In order for the alert to trigger on a group by field, it must have values in the documents that are indexed. I just tested this out (see screenshot above) and everything is triggering as expected.

@endorama
Member Author

endorama commented Feb 6, 2024

Hello @simianhacker, thank you! Are you aware if supporting runtime fields for filtering will be supported?

As a minor note it would be nice if the API would reject a runtime field instead of accepting it and then not working as expected from a user point of view, should I create a follow-up issue about this?

Thank you

@shahzad31
Contributor

> Hello @simianhacker, thank you! Are you aware if supporting runtime fields for filtering will be supported?
>
> As a minor note it would be nice if the API would reject a runtime field instead of accepting it and then not working as expected from a user point of view, should I create a follow-up issue about this?
>
> Thank you

@endorama we have an issue here #173771
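
As an added example (not code from Kibana or from anyone in this thread), a pre-flight check an operator could run before saving a rule: it classifies each intended group-by field as indexed, runtime or unmapped from a `GET <index>/_mapping` response body. The sample mapping, index names and field names are constructed, and the check looks at the mapping only, not at whether documents actually carry values for the field.

```python
# Constructed sample shaped like a GET <index>/_mapping response (not from the issue).
SAMPLE_MAPPING = {
    "metrics-a": {"mappings": {
        "runtime": {"service.tier": {"type": "keyword"}},
        "properties": {
            "host": {"properties": {"name": {"type": "keyword"}}},
            "message": {"type": "text",
                        "fields": {"keyword": {"type": "keyword"}}},
        },
    }},
    # Second index: cloud.region is indexed but shadowed by a runtime field.
    "metrics-b": {"mappings": {
        "runtime": {"cloud.region": {"type": "keyword"}},
        "properties": {"cloud": {"properties": {"region": {"type": "keyword"}}}},
    }},
}


def indexed_fields(properties, prefix=""):
    """Flatten mappings.properties into a set of dotted field names."""
    names = set()
    for name, spec in properties.items():
        path = prefix + name
        if "type" in spec and spec["type"] not in ("object", "nested"):
            names.add(path)
        for sub in spec.get("fields", {}):  # multi-fields, e.g. message.keyword
            names.add(f"{path}.{sub}")
        names |= indexed_fields(spec.get("properties", {}), path + ".")
    return names


def classify_group_by(mapping_response, group_by):
    """Return {field: 'runtime' | 'indexed' | 'unmapped'} across all indices."""
    all_mappings = [b.get("mappings", {}) for b in mapping_response.values()]
    result = {}
    for field in group_by:
        # A runtime definition in any index is flagged first: it shadows an
        # indexed field of the same name at search time.
        if any(field in m.get("runtime", {}) for m in all_mappings):
            result[field] = "runtime"
        elif any(field in indexed_fields(m.get("properties", {})) for m in all_mappings):
            result[field] = "indexed"
        else:
            result[field] = "unmapped"
    return result


def unsupported_group_by(mapping_response, group_by):
    """Fields a rule should not group by: runtime or missing from the mapping."""
    statuses = classify_group_by(mapping_response, group_by)
    return [f for f in group_by if statuses[f] != "indexed"]
```

Running `unsupported_group_by` on the intended group-by list before creating the rule surfaces the fields that would leave the rule silently not firing per group.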
