[Discover][Alerting] Add info when data view has changed after rule creation #134232
Assignees
Labels
enhancement
New value added to drive a business result
Feature:Discover
Discover Application
impact:low
Addressing this issue will have a low level of impact on the quality/strength of our product.
Team:DataDiscovery
Discover, search (e.g. data plugin and KQL), data views, saved searches. For ES|QL, use Team:ES|QL.
v8.4.0
WIP
Work in progress
Comments
kertal
added
Feature:Discover
|
Pinging @elastic/kibana-data-discovery (Team:DataDiscovery) |
4 tasks
|
Reopening since the current solution needs to be re-evaluated (comparison with updated_at is not a good solution since this value will also be updated when fields are added/removed to Discover -- field popularity ) |
ninoslavmiskovic
added
the
impact:low
1 task
4 tasks
3 tasks
dimaanj
added a commit
that referenced
this issue
Jan 4, 2023
…6403) ## Summary Closes #145815, #134232 - Moves Discover locator to common area - Builds alerts results link from the server - Now there are two implementations of `setStateToKbnUrl` which is used in locator. New one in common are lost `HashedItemStore` support, since sessions storage are actual only for browser - Toasts `Alert rule has changed`, `Data View has changed` removed - link generated per each alert will be unique representation of those `rule params` and `data view state` which were at the time of invocation - Restuls link will live even after data view and rule removal ### How to create rule - Create an output index and data view `test` <details> <summary>Query to use</summary> ``` PUT test { "settings" : { "number_of_shards" : 1 }, "mappings" : { "properties" : { "rule_id" : { "type" : "text" }, "rule_name" : { "type" : "text" }, "alert_id" : { "type" : "text" }, "context_message": { "type" : "text" } } } } ``` </details> - Create alerts connector using `test` index - Open `Elasticsearch query` alert in `KQL or Lucene` mode or just using Discover `Alerts` button - Specify the following params: `IS ABOVE: 1`, `FOR THE LAST: 30 min` - Try execute it by clicking `Test query`. It should match some results - When choosing connector, use the following config ``` { "rule_id": "{{rule.id}}", "rule_name": "{{rule.name}}", "alert_id": "{{alert.id}}", "context_message": "{{context.message}}" } ``` - Create the alert ### How to test - Create `Elasticsearch query` rule in `KQL or Lucene` mode like described above - Wait for some seconds and find the triggered alert document by browsing `test` data view in Discover. There should be a link to results in `context_message` field. Save the link somewhere - Change rule params by adding/removing filters / changing query / changing data view - Follow saved link, you should see previous filters, query and data view state - Open rule in management and click `View in app`, you should see actual state of rule - Try to remove used data view and then follow saved link, you should still see the results - Try to remove rule and then follow saved link, you should still see the results. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) Co-authored-by: Davis McPhee <davis.mcphee@elastic.co>
|
Resolved |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When using the link navigating to Discover from an alert rule notification, we currently show a toast to inform the user that the displayed documents might be different to the original document triggering the notification. Same should apply when the data view has changed.
We have a
updated_atproperty available in the data view and alert rule saved object. Given thatupdated_atproperty is newer than the rule'supdated_atproperty, information to the toast should be added like"The data view has been updated after the last update of the alert rule."
The text was updated successfully, but these errors were encountered: