[Metrics UI] Create new Inventory Anomaly alert #74809
Comments
Pinging @elastic/logs-metrics-ui (Team:logs-metrics-ui) |
For the condition editor, the screenshot indicates:
Should it instead be:
like the Inventory alert already supports? |
@Zacqary good question. It should be |
Are we using numbers, as in the screenshot, or Warning/Minor/Major/Critical? What's the desired input? Also I don't see a field for ML job. Or is that |
@Zacqary We're not using numbers, we're using the 4 severity levels. To my knowledge, this alert shouldn't have multiple conditions. The ML job part is the |
Apologies for not picking up on this earlier, but now that I've started implementing this alert I realize I'm not sure about its action messaging behaviors.
I'm worried that the alerting plugin's hyper-customizable action messages are driving us to neglect thinking about action messaging as a product design decision. Since they're hidden beneath a clickthrough they feel like a second-class part of the UI and it's easy for both designer and engineer to forget about them until very late in the process like this. |
@Zacqary I agree, we should be more thoughtful about details like this.
Regarding the second question, @grabowskit, can you advise? |
I'm not seeing an obvious way to do this using KQL queries the way we do them with other alerts. Should we just allow you to filter by influencer? i.e. limit the filter field to either |
Did some research, and given the limited number of influencer fields, I'm not sure if it makes sense to use the KQL search bar for this alert. I think it would be better to use a dropdown where you can select [ Using the KQL component would allow the user to easily enter filter queries that could never possibly return anything, and be a headache to parse on the backend since the filter JSON it outputs can't be slipped right into the anomalies query. We need to separate the field name and the query string, and the KQL outputs these in an inconsistent format depending on whether wildcards are present or not. |
Add a new alert for ML anomaly data.
Acceptance Criteria: