[RAC] Observability alerts table reads from incorrect indices #109317

Closed
weltenwort opened this issue Aug 19, 2021 · 1 comment · Fixed by #109346
Labels: bug, Team:Threat Hunting, Theme: rac, v7.15.0

Comments

@weltenwort
Member

📝 Summary

The introduction of the correct alias names in #108115 surfaced a problem with the way the timeline and indexFields search strategies construct the indices. This causes the Observability table to remain empty even if alerts are present in the correct indices.

✔️ Proposed solution

  • An API exists on the observability plugin that...
    • takes a list of registration contexts and a namespace as arguments
    • returns a list of correctly constructed alias names for the given arguments
  • The alerts page uses the above API to fetch the list of indices for a hard-coded list of registration contexts.
  • The t-grid backing the Observability alerts table receives the index names to query instead of the consumers.
@weltenwort added the bug, Team:Threat Hunting, Theme: rac and v7.15.0 labels on Aug 19, 2021
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)
