[Response Ops][Alerting] Alerts as data aliases should be hidden #178589
Labels
Feature:Alerting/Alerts-as-Data
Issues related to Alerts-as-data and RuleRegistry
Feature:Alerting
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
Comments
ymao1
added
Feature:Alerting
Team:ResponseOps
|
Pinging @elastic/response-ops (Team:ResponseOps) |
|
Remembering when we did something very similar for the event log - one issue we had was that the additional processing could take a while, and encounter errors. Can't remember if we made initialization wait through these modifications, and what we do with errors - beyond ignoring them (more or less ... there's not much we can do). I'm thinking we even stopped logging them because they were noisy. Looking through the event log PRs, this one looks particularly relevant: #122882 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Alerts as data indices are created as hidden but their aliases are not, leading to some inconsistencies. We should be able to create new aliases as hidden by setting
is_hidden: truehere but we should also add a call to update existing aliases to hidden during resource installation.The text was updated successfully, but these errors were encountered: