Rule details page - Phase 1

[emma-raffenne]

Part of #129636

Feature Description

The rule definition page currently shows some data to help understand the rule and its execution. For a user to fully and clearly understand the rule, its execution history, impact, noisiness, and for better ongoing management, further details will need to be added to that page.

The following needs exist for the different personas using the rule details page.

Sub-personas or Elastic roles to keep in mind as the audience for this view -

Rule creator/editor

1. System administrator
2. Alert consumer with view-only access to rule details view

Acceptance Criteria

1. New rule details page that keeps the user within the observability solution and context (and does not take the user to stack management)
2. View the rule definition, rule type, and rule description (rule creator/editor should be able to add a rule description that captures freeform text describing what the rule does)
3. View the rule schedule (which in future will include planned/upcoming mute schedules, scheduled disabling)
4. View rule created by and timestamp, rule last edited by and timestamp
5. Ability to Set and View rule current status: muted, disabled, active, error, along with reason if error
6. Show last activity - last response status, last run duration, count of executions and alerts generated (see mockup)
7. History of rule execution times to gauge performance, degradation patterns if any
8. History of alerts generated by this rule, with ability to dive into the alert details

See design at elastic/observability-design#137

Implementation Tickets

• Show Rule Detail View within Observability Context #129631
• Create and structure the Rule detail page.  #130005
• Add the rule info to the rule detail page #130026
• Identify the shareable components that should be exposed from triggers_actions_ui #130126
• Add rule summary #130262
• Add the shared Alerts table  #130373
• Add the shared execution history table #130374
• Use the shareable status dropdown from triggers_actions_ui plugin #130773
• Get all the alerts in the last 24 for a given rule #130897
• Get the action connector name (defined by the user). #130907
• Use the tag component for triggers_action_ui for Rule details #131063
• [Actionable Observability] Display action connector icon in o11y rule details page #132220 @mgiota
• Add the last 24h execution log count in the Rule details page #132410
• [Actionable Observability] Rule details page hide Actions when there are no actions #132390 @mgiota
• [Actionable Observability] Rule details link in Alerts table should link to the new o11y rule details page #132389 @mgiota
• [Actionable Observability] Human readable text for rule type and notify fields in rule detail page #132388 @mgiota
• [Actionable Observability] User with read permissions gets a blank o11y rule details page #132485 @mgiota
• [Actionable Observability] Update the design and remove the unused Error log tab and #132614

[emma-raffenne]

cc @vinaychandrasekhar

[vinaychandrasekhar]

Hi @emma-raffenne, here's some thoughts on requirements for initial release vs. features that can come later. Comments welcome.

For initial release:

• New rule details page that keeps the user within the observability solution and context (and does not take the user to stack management)
• Show rule definition, rule type, and rule description
• Show rule schedule
• Show rule created by and timestamp, rule last edited by and timestamp
• Show and set rule current status: muted, disabled, active, error, along with reason if error
• Show last activity - last response status, last run duration, count of executions and alerts generated (see mockup)
• History of rule execution times to gauge performance, degradation patterns if any
• History of alerts generated for that rule, ability to zoom in to a specific time range to look into generated alerts for that rule, with ability to dive into the alert details
• Rule edit, delete operations (might already happen through flyout, perhaps?)

Can come later:

• Clear indication of failed alerts, exceptions, and warnings in alert history. Where possible, include trends to indicate pattern of failures (and in future, include high-level / summary reason for errors)
• Show history of rule edits and changes (including muting, disabling)
• Trend of number of alerts generated per rule execution, and in a given time period, to give quick indication of "load" on users from this rule (important to see this from a user's perspective: how noisy is this alert for the user?) with # of alerts generated
• Ability to clone the rule
• Ability to trigger the rule manually / ad-hoc. Note that this is different from a "preview" feature that lets a user preview the results of a rule execution, useful when the user is creating or editing the rule

[elasticmachine]

Pinging @elastic/response-ops (Team:ResponseOps)

[fkanout]

@vinaychandrasekhar, Do we need an auto-refresh for this page OR a part of it like the alerts table or rule status? Or keep it static i.e. fetch the latest info on a manual page refresh from the browser?

cc @katrin-freihofner

[vinaychandrasekhar]

Hi @fk , in my mind consistency is key. The current rule details view in stack monitoring offers that. As does a few other places like you mentioned. Please add one in for our rule details page as well. @katrin-freihofner please chime in if you have a different opinion.

[emma-raffenne]

@fkanout and @vinaychandrasekhar - Please note #128449
cc @katrin-freihofner

[katrin-freihofner]

I'm not sure I understand the question @fkanout, do you mean to refresh the alert list? As shown here:

[fkanout]

I'm talking about the auto-refresh that @emma-raffenne mentioned- Thanks Emma. #128449 (comment) cc@katrin-freihofner.

@vinaychandrasekhar I checked the stack monitoring Rule detail, and they only provide the manual refresh button (like the one highlighted in @katrin-freihofner screenshot #129777 (comment)).

I think the answer is clear now, as we are going to remove the auto-refresh from the Rules list page, #128449 (comment), so will keep the Rule detail page as it's.