[ResponseOps] Update flapping logic order to determine whether an alert is flapping after it's returned for notification #151148
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
doakalexi
changed the title
doakalexi
added
Team:ResponseOps
…-flapping-logic-order
…-flapping-logic-order
|
Pinging @elastic/response-ops (Team:ResponseOps) |
doakalexi
added
the
release_note:skip
💚 Build Succeeded
Metrics [docs]Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
The flapping status generation didn't change. I just moved things around in this pr to match what the RFC is expecting. Before we would check to see whether an alert was flapping and then determine if that alert is going to be reported as a notification to users. The flapping status affects whether an alert is reported to the user, and so by checking flapping first we were missing notifications in examples from the RFC that were expecting them. In this pr, I moved the flapping check to be after we determine which alert is going to be reported to the user which aligns more with the RFC |
pmuellr
approved these changes
Mar 1, 2023
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Mar 1, 2023
…rt is flapping after it's returned for notification (elastic#151148) Resolves elastic#151135 ## Summary Moved the logic around to check flapping after an alert is already returned for notification. I also updated the event log test cases to match examples in the rfc. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### To Verify The new test cases capture this example but if you want to test it locally: - Create a connector and make sure to save the connector id ``` curl -X POST -u {username}:{password} "http://localhost:5601/api/actions/connector" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "connector_type_id": ".server-log", "name": "server log", "config": {}, "secrets": {} }' ``` - Create the rule and let it run ``` curl -X POST -u {username}:{password} "http://localhost:5601/api/alerting/rule/" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "rule_type_id": "example.pattern", "name": "pattern", "schedule": { "interval": "5s" }, "actions": [ { "group": "default", "id": {connector id}, "params": { "message": "{{alert.id}} active on run {{context.runs}} step {{context.patternIndex}} flapping {{alert.flapping}}"}}, { "group": "recovered", "id": {connector id}, "params": { "message": "{{alert.id}} recovered on run flapping {{alert.flapping}}"}} ], "consumer": "alerts", "tags": [], "notify_when": "onActionGroupChange", "params": { "patterns": { "instA": " a - - a - a - a - a - - - - - - - - " } } }' ``` - Verify that you see the following, we want to make sure that aren't missing any notifications  (cherry picked from commit 5187a6f)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Mar 1, 2023
…an alert is flapping after it's returned for notification (#151148) (#152507) # Backport This will backport the following commits from `main` to `8.7`: - [[ResponseOps] Update flapping logic order to determine whether an alert is flapping after it's returned for notification (#151148)](#151148) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Alexi Doak","email":"109488926+doakalexi@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-03-01T20:19:38Z","message":"[ResponseOps] Update flapping logic order to determine whether an alert is flapping after it's returned for notification (#151148)\n\nResolves https://github.com/elastic/kibana/issues/151135\r\n\r\n## Summary\r\n\r\nMoved the logic around to check flapping after an alert is already\r\nreturned for notification. I also updated the event log test cases to\r\nmatch examples in the rfc.\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n### To Verify\r\nThe new test cases capture this example but if you want to test it\r\nlocally:\r\n- Create a connector and make sure to save the connector id\r\n```\r\ncurl -X POST -u {username}:{password} \"http://localhost:5601/api/actions/connector\" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'\r\n{\r\n \"connector_type_id\": \".server-log\",\r\n \"name\": \"server log\",\r\n \"config\": {},\r\n \"secrets\": {}\r\n}'\r\n```\r\n- Create the rule and let it run\r\n```\r\ncurl -X POST -u {username}:{password} \"http://localhost:5601/api/alerting/rule/\" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'\r\n{\r\n \"rule_type_id\": \"example.pattern\",\r\n \"name\": \"pattern\",\r\n \"schedule\": {\r\n \"interval\": \"5s\"\r\n },\r\n \"actions\": [\r\n { \"group\": \"default\", \"id\": {connector id}, \"params\": { \"message\": \"{{alert.id}} active on run {{context.runs}} step {{context.patternIndex}} flapping {{alert.flapping}}\"}},\r\n { \"group\": \"recovered\", \"id\": {connector id}, \"params\": { \"message\": \"{{alert.id}} recovered on run flapping {{alert.flapping}}\"}}\r\n ],\r\n \"consumer\": \"alerts\",\r\n \"tags\": [],\r\n \"notify_when\": \"onActionGroupChange\",\r\n \"params\": {\r\n \"patterns\": {\r\n \"instA\": \" a - - a - a - a - a - - - - - - - - \"\r\n }\r\n }\r\n}'\r\n\r\n```\r\n- Verify that you see the following, we want to make sure that aren't\r\nmissing any notifications\r\n\r\n","sha":"5187a6f9aa706a94dbf759b12cc11940698a81b5","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:ResponseOps","v8.7.0","v8.8.0"],"number":151148,"url":"https://github.com/elastic/kibana/pull/151148","mergeCommit":{"message":"[ResponseOps] Update flapping logic order to determine whether an alert is flapping after it's returned for notification (#151148)\n\nResolves https://github.com/elastic/kibana/issues/151135\r\n\r\n## Summary\r\n\r\nMoved the logic around to check flapping after an alert is already\r\nreturned for notification. I also updated the event log test cases to\r\nmatch examples in the rfc.\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n### To Verify\r\nThe new test cases capture this example but if you want to test it\r\nlocally:\r\n- Create a connector and make sure to save the connector id\r\n```\r\ncurl -X POST -u {username}:{password} \"http://localhost:5601/api/actions/connector\" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'\r\n{\r\n \"connector_type_id\": \".server-log\",\r\n \"name\": \"server log\",\r\n \"config\": {},\r\n \"secrets\": {}\r\n}'\r\n```\r\n- Create the rule and let it run\r\n```\r\ncurl -X POST -u {username}:{password} \"http://localhost:5601/api/alerting/rule/\" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'\r\n{\r\n \"rule_type_id\": \"example.pattern\",\r\n \"name\": \"pattern\",\r\n \"schedule\": {\r\n \"interval\": \"5s\"\r\n },\r\n \"actions\": [\r\n { \"group\": \"default\", \"id\": {connector id}, \"params\": { \"message\": \"{{alert.id}} active on run {{context.runs}} step {{context.patternIndex}} flapping {{alert.flapping}}\"}},\r\n { \"group\": \"recovered\", \"id\": {connector id}, \"params\": { \"message\": \"{{alert.id}} recovered on run flapping {{alert.flapping}}\"}}\r\n ],\r\n \"consumer\": \"alerts\",\r\n \"tags\": [],\r\n \"notify_when\": \"onActionGroupChange\",\r\n \"params\": {\r\n \"patterns\": {\r\n \"instA\": \" a - - a - a - a - a - - - - - - - - \"\r\n }\r\n }\r\n}'\r\n\r\n```\r\n- Verify that you see the following, we want to make sure that aren't\r\nmissing any notifications\r\n\r\n","sha":"5187a6f9aa706a94dbf759b12cc11940698a81b5"}},"sourceBranch":"main","suggestedTargetBranches":["8.7"],"targetPullRequestStates":[{"branch":"8.7","label":"v8.7.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/151148","number":151148,"mergeCommit":{"message":"[ResponseOps] Update flapping logic order to determine whether an alert is flapping after it's returned for notification (#151148)\n\nResolves https://github.com/elastic/kibana/issues/151135\r\n\r\n## Summary\r\n\r\nMoved the logic around to check flapping after an alert is already\r\nreturned for notification. I also updated the event log test cases to\r\nmatch examples in the rfc.\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n### To Verify\r\nThe new test cases capture this example but if you want to test it\r\nlocally:\r\n- Create a connector and make sure to save the connector id\r\n```\r\ncurl -X POST -u {username}:{password} \"http://localhost:5601/api/actions/connector\" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'\r\n{\r\n \"connector_type_id\": \".server-log\",\r\n \"name\": \"server log\",\r\n \"config\": {},\r\n \"secrets\": {}\r\n}'\r\n```\r\n- Create the rule and let it run\r\n```\r\ncurl -X POST -u {username}:{password} \"http://localhost:5601/api/alerting/rule/\" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'\r\n{\r\n \"rule_type_id\": \"example.pattern\",\r\n \"name\": \"pattern\",\r\n \"schedule\": {\r\n \"interval\": \"5s\"\r\n },\r\n \"actions\": [\r\n { \"group\": \"default\", \"id\": {connector id}, \"params\": { \"message\": \"{{alert.id}} active on run {{context.runs}} step {{context.patternIndex}} flapping {{alert.flapping}}\"}},\r\n { \"group\": \"recovered\", \"id\": {connector id}, \"params\": { \"message\": \"{{alert.id}} recovered on run flapping {{alert.flapping}}\"}}\r\n ],\r\n \"consumer\": \"alerts\",\r\n \"tags\": [],\r\n \"notify_when\": \"onActionGroupChange\",\r\n \"params\": {\r\n \"patterns\": {\r\n \"instA\": \" a - - a - a - a - a - - - - - - - - \"\r\n }\r\n }\r\n}'\r\n\r\n```\r\n- Verify that you see the following, we want to make sure that aren't\r\nmissing any notifications\r\n\r\n","sha":"5187a6f9aa706a94dbf759b12cc11940698a81b5"}}]}] BACKPORT--> Co-authored-by: Alexi Doak <109488926+doakalexi@users.noreply.github.com>
sloanelybutsurely
pushed a commit
to sloanelybutsurely/kibana
that referenced
this pull request
Mar 8, 2023
…rt is flapping after it's returned for notification (elastic#151148) Resolves elastic#151135 ## Summary Moved the logic around to check flapping after an alert is already returned for notification. I also updated the event log test cases to match examples in the rfc. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### To Verify The new test cases capture this example but if you want to test it locally: - Create a connector and make sure to save the connector id ``` curl -X POST -u {username}:{password} "http://localhost:5601/api/actions/connector" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "connector_type_id": ".server-log", "name": "server log", "config": {}, "secrets": {} }' ``` - Create the rule and let it run ``` curl -X POST -u {username}:{password} "http://localhost:5601/api/alerting/rule/" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "rule_type_id": "example.pattern", "name": "pattern", "schedule": { "interval": "5s" }, "actions": [ { "group": "default", "id": {connector id}, "params": { "message": "{{alert.id}} active on run {{context.runs}} step {{context.patternIndex}} flapping {{alert.flapping}}"}}, { "group": "recovered", "id": {connector id}, "params": { "message": "{{alert.id}} recovered on run flapping {{alert.flapping}}"}} ], "consumer": "alerts", "tags": [], "notify_when": "onActionGroupChange", "params": { "patterns": { "instA": " a - - a - a - a - a - - - - - - - - " } } }' ``` - Verify that you see the following, we want to make sure that aren't missing any notifications 
bmorelli25
pushed a commit
to bmorelli25/kibana
that referenced
this pull request
Mar 10, 2023
…rt is flapping after it's returned for notification (elastic#151148) Resolves elastic#151135 ## Summary Moved the logic around to check flapping after an alert is already returned for notification. I also updated the event log test cases to match examples in the rfc. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### To Verify The new test cases capture this example but if you want to test it locally: - Create a connector and make sure to save the connector id ``` curl -X POST -u {username}:{password} "http://localhost:5601/api/actions/connector" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "connector_type_id": ".server-log", "name": "server log", "config": {}, "secrets": {} }' ``` - Create the rule and let it run ``` curl -X POST -u {username}:{password} "http://localhost:5601/api/alerting/rule/" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "rule_type_id": "example.pattern", "name": "pattern", "schedule": { "interval": "5s" }, "actions": [ { "group": "default", "id": {connector id}, "params": { "message": "{{alert.id}} active on run {{context.runs}} step {{context.patternIndex}} flapping {{alert.flapping}}"}}, { "group": "recovered", "id": {connector id}, "params": { "message": "{{alert.id}} recovered on run flapping {{alert.flapping}}"}} ], "consumer": "alerts", "tags": [], "notify_when": "onActionGroupChange", "params": { "patterns": { "instA": " a - - a - a - a - a - - - - - - - - " } } }' ``` - Verify that you see the following, we want to make sure that aren't missing any notifications 
nkhristinin
pushed a commit
that referenced
this pull request
Mar 22, 2023
![https://user-images.githubusercontent.com/109488926/221615405-48061d10-4b80-4b98-812a-6951da4178da.png)","sha":"5187a6f9aa706a94dbf759b12cc11940698a81b5","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:ResponseOps","v8.7.0","v8.8.0"],"number":151148,"url":"https://github.com/elastic/kibana/pull/151148","mergeCommit":{"message":"[ResponseOps]](https://user-images.githubusercontent.com/109488926/221615405-48061d10-4b80-4b98-812a-6951da4178da.png)","sha":"5187a6f9aa706a94dbf759b12cc11940698a81b5","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:ResponseOps","v8.7.0","v8.8.0"],"number":151148,"url":"https://github.com/elastic/kibana/pull/151148","mergeCommit":{"message":"[ResponseOps]){kind=link}
![https://user-images.githubusercontent.com/109488926/221615405-48061d10-4b80-4b98-812a-6951da4178da.png)","sha":"5187a6f9aa706a94dbf759b12cc11940698a81b5"}},"sourceBranch":"main","suggestedTargetBranches":["8.7"],"targetPullRequestStates":[{"branch":"8.7","label":"v8.7.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/151148","number":151148,"mergeCommit":{"message":"[ResponseOps]](https://user-images.githubusercontent.com/109488926/221615405-48061d10-4b80-4b98-812a-6951da4178da.png)","sha":"5187a6f9aa706a94dbf759b12cc11940698a81b5"}},"sourceBranch":"main","suggestedTargetBranches":["8.7"],"targetPullRequestStates":[{"branch":"8.7","label":"v8.7.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/151148","number":151148,"mergeCommit":{"message":"[ResponseOps]){kind=link}
","sha":"5187a6f9aa706a94dbf759b12cc11940698a81b5){kind=link}
…rt is flapping after it's returned for notification (#151148) Resolves #151135 ## Summary Moved the logic around to check flapping after an alert is already returned for notification. I also updated the event log test cases to match examples in the rfc. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### To Verify The new test cases capture this example but if you want to test it locally: - Create a connector and make sure to save the connector id ``` curl -X POST -u {username}:{password} "http://localhost:5601/api/actions/connector" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "connector_type_id": ".server-log", "name": "server log", "config": {}, "secrets": {} }' ``` - Create the rule and let it run ``` curl -X POST -u {username}:{password} "http://localhost:5601/api/alerting/rule/" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "rule_type_id": "example.pattern", "name": "pattern", "schedule": { "interval": "5s" }, "actions": [ { "group": "default", "id": {connector id}, "params": { "message": "{{alert.id}} active on run {{context.runs}} step {{context.patternIndex}} flapping {{alert.flapping}}"}}, { "group": "recovered", "id": {connector id}, "params": { "message": "{{alert.id}} recovered on run flapping {{alert.flapping}}"}} ], "consumer": "alerts", "tags": [], "notify_when": "onActionGroupChange", "params": { "patterns": { "instA": " a - - a - a - a - a - - - - - - - - " } } }' ``` - Verify that you see the following, we want to make sure that aren't missing any notifications 
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #151135
Summary
Moved the logic around to check flapping after an alert is already returned for notification. I also updated the event log test cases to match examples in the rfc.
Checklist
To Verify
The new test cases capture this example but if you want to test it locally: