[8.x] [Investigation app] add entities route and investigation Contextual Insight (#194432) #195158

Merged
merged 3 commits into from
Oct 7, 2024

Conversation

dominiqueclarke

Backport

This will backport the following commits from main to 8.x:

Questions?

Please refer to the Backport tool documentation

…nsight (elastic#194432)

## Summary

Adds a route that can be used to fetch entities related to an
investigation.

The route fetches associated entities by service name, host name, or
container id. It then identifies the associated indices and datastreams.

The discovered entities are passed to the contextual insight to inform
the LLM.

![image](https://github.com/user-attachments/assets/855a8d68-b039-4557-ba23-5661cd961021)

This PR represents the first step in developing an AI-informed
hypothesis at the beginning of the investigation. Over time, further
insights will be provided to the LLM to deepen its investigative
analysis and propose a more helpful root cause hypothesis.

### Testing

1. Create some APM data. I'm using the otel demo and triggering a
failure via the flagd service. Since this is in flux, you can reach out
to me about this workflow. However, you can also create APM data via
`synth-trace`.
2. Create a custom threshold rule that you expect to trigger an alert.
I created mine using `http.response.status_code: 500 /
http.response.status_code : *` and set a low threshold based on the
amount of failures in my current test data. Be sure to also group the
alert by `service.name`
3. Wait for the alert to fire, then visit the alert details page and
start an investigation
4. Notice the contextual insight. Expand it to see more information.

---------

Co-authored-by: kibanamachine <[email protected]>
(cherry picked from commit e4bb435)
@animehart

/ci

@kibana-ci

kibana-ci commented Oct 7, 2024

💛 Build succeeded, but was flaky

  • Buildkite Build
  • Commit: bce48c0
  • Kibana Serverless Image: docker.elastic.co/kibana-ci/kibana-serverless:pr-195158-bce48c0acf35

Failed CI Steps

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| investigateApp | 567 | 572 | +5 |

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run `node scripts/build_api_docs --plugin [yourplugin] --stats comments` for more detailed information.

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/investigation-shared | 73 | 81 | +8 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| investigateApp | 474.8KB | 479.8KB | +5.0KB |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
| --- | --- | --- | --- |
| investigateApp | 6.5KB | 6.4KB | -104.0B |

Unknown metric groups

API count

| id | before | after | diff |
| --- | --- | --- | --- |
| @kbn/investigation-shared | 73 | 81 | +8 |

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@dominiqueclarke dominiqueclarke merged commit c099f33 into elastic:8.x Oct 7, 2024
24 checks passed
Labels
backport ci:project-deploy-observability Create an Observability project