Ability to fetch alert state / alert instance state

[mikecote]

No description provided.

[elasticmachine]

Pinging @elastic/kibana-stack-services (Team:Stack Services)

[chrisronline]

Stack Monitoring Use Case

We have alerts that we want to show in the UI - we show the user if the alert is currently firing, or if a previously firing alert has been resolved.

In our watcher implementation, we write this alerting state to an index (.monitoring-alerts-*) which we read from and display in the UI.

As we migrate to Kibana alerting, it'd be nice to avoid needing this extra index, especially since all the state we need should be available in the alert state. If we had a way to query this, I'd save us needing an extra index.

The one gotcha here would be security - currently, users of Stack Monitoring do not have access to query watcher apis directly (or watcher-based indices) so we'd need to ensure the security requirements are clear for users.

[chrisronline]

Any update on when/if this will be supported?

[mikecote]

@chrisronline so far this is still planned for the mid-term of the project. After re-reading your use case, do you think the following would solve your issue (#51099)? We're aiming to have that in 7.7 and would allow you to query / show if an alert is currently firing.

[chrisronline]

@mikecote I'm going to revisit the exact details of the need soon, but I last left this effort with code that just queries against .kibana_task_manager* directly. Once I revisit, I'll update this ticket with what exact information we need from there.

[chrisronline]

@mikecote So, for our use case, we want to be able to add arbitrary "metadata" to the state of an alert. Then, provide a way to fetch status (like firing/not firing) in addition to this "metadata".

Right now, I'm just storing this as state that is returned from the alert itself. Then, I'm querying the task manager directly and unserializing the state.

To be more specific:

This represents what is stored in the state of our alert and we pull it as part of our server-side query to see which alerts need to show up in the UI, which uses parts to figure out what to show the user.

[mikecote]

@chrisronline thanks! There's a good chance we'll this API in 7.7 as we'll need something similar to pull alert instances in our UIs.