-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ResponseOps] Update flapping logic order to determine whether an alert is flapping after it's returned for notification #151148
[ResponseOps] Update flapping logic order to determine whether an alert is flapping after it's returned for notification #151148
Conversation
…-flapping-logic-order
…-flapping-logic-order
Pinging @elastic/response-ops (Team:ResponseOps) |
💚 Build Succeeded
Metrics [docs]Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moved the logic around to check flapping after an alert is already returned for notification.
I am trying to understand this description. How was the flapping status generation different in the previous implementation?
The flapping status generation didn't change. I just moved things around in this pr to match what the RFC is expecting. Before we would check to see whether an alert was flapping and then determine if that alert is going to be reported as a notification to users. The flapping status affects whether an alert is reported to the user, and so by checking flapping first we were missing notifications in examples from the RFC that were expecting them. In this pr, I moved the flapping check to be after we determine which alert is going to be reported to the user which aligns more with the RFC |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AO changes LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, testing it locally seems to work as expected
…rt is flapping after it's returned for notification (elastic#151148) Resolves elastic#151135 ## Summary Moved the logic around to check flapping after an alert is already returned for notification. I also updated the event log test cases to match examples in the rfc. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### To Verify The new test cases capture this example but if you want to test it locally: - Create a connector and make sure to save the connector id ``` curl -X POST -u {username}:{password} "http://localhost:5601/api/actions/connector" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "connector_type_id": ".server-log", "name": "server log", "config": {}, "secrets": {} }' ``` - Create the rule and let it run ``` curl -X POST -u {username}:{password} "http://localhost:5601/api/alerting/rule/" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "rule_type_id": "example.pattern", "name": "pattern", "schedule": { "interval": "5s" }, "actions": [ { "group": "default", "id": {connector id}, "params": { "message": "{{alert.id}} active on run {{context.runs}} step {{context.patternIndex}} flapping {{alert.flapping}}"}}, { "group": "recovered", "id": {connector id}, "params": { "message": "{{alert.id}} recovered on run flapping {{alert.flapping}}"}} ], "consumer": "alerts", "tags": [], "notify_when": "onActionGroupChange", "params": { "patterns": { "instA": " a - - a - a - a - a - - - - - - - - " } } }' ``` - Verify that you see the following, we want to make sure that aren't missing any notifications ![image](https://user-images.githubusercontent.com/109488926/221615405-48061d10-4b80-4b98-812a-6951da4178da.png) (cherry picked from commit 5187a6f)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…an alert is flapping after it's returned for notification (#151148) (#152507) # Backport This will backport the following commits from `main` to `8.7`: - [[ResponseOps] Update flapping logic order to determine whether an alert is flapping after it's returned for notification (#151148)](#151148) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Alexi Doak","email":"109488926+doakalexi@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-03-01T20:19:38Z","message":"[ResponseOps] Update flapping logic order to determine whether an alert is flapping after it's returned for notification (#151148)\n\nResolves https://github.com/elastic/kibana/issues/151135\r\n\r\n## Summary\r\n\r\nMoved the logic around to check flapping after an alert is already\r\nreturned for notification. I also updated the event log test cases to\r\nmatch examples in the rfc.\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n### To Verify\r\nThe new test cases capture this example but if you want to test it\r\nlocally:\r\n- Create a connector and make sure to save the connector id\r\n```\r\ncurl -X POST -u {username}:{password} \"http://localhost:5601/api/actions/connector\" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'\r\n{\r\n \"connector_type_id\": \".server-log\",\r\n \"name\": \"server log\",\r\n \"config\": {},\r\n \"secrets\": {}\r\n}'\r\n```\r\n- Create the rule and let it run\r\n```\r\ncurl -X POST -u {username}:{password} \"http://localhost:5601/api/alerting/rule/\" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'\r\n{\r\n \"rule_type_id\": \"example.pattern\",\r\n \"name\": \"pattern\",\r\n \"schedule\": {\r\n \"interval\": \"5s\"\r\n },\r\n \"actions\": [\r\n { \"group\": \"default\", \"id\": {connector id}, \"params\": { \"message\": \"{{alert.id}} active on run {{context.runs}} step {{context.patternIndex}} flapping {{alert.flapping}}\"}},\r\n { \"group\": \"recovered\", \"id\": {connector id}, \"params\": { \"message\": \"{{alert.id}} recovered on run flapping {{alert.flapping}}\"}}\r\n ],\r\n \"consumer\": \"alerts\",\r\n \"tags\": [],\r\n \"notify_when\": \"onActionGroupChange\",\r\n \"params\": {\r\n \"patterns\": {\r\n \"instA\": \" a - - a - a - a - a - - - - - - - - \"\r\n }\r\n }\r\n}'\r\n\r\n```\r\n- Verify that you see the following, we want to make sure that aren't\r\nmissing any notifications\r\n\r\n![image](https://user-images.githubusercontent.com/109488926/221615405-48061d10-4b80-4b98-812a-6951da4178da.png)","sha":"5187a6f9aa706a94dbf759b12cc11940698a81b5","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:ResponseOps","v8.7.0","v8.8.0"],"number":151148,"url":"https://github.com/elastic/kibana/pull/151148","mergeCommit":{"message":"[ResponseOps] Update flapping logic order to determine whether an alert is flapping after it's returned for notification (#151148)\n\nResolves https://github.com/elastic/kibana/issues/151135\r\n\r\n## Summary\r\n\r\nMoved the logic around to check flapping after an alert is already\r\nreturned for notification. I also updated the event log test cases to\r\nmatch examples in the rfc.\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n### To Verify\r\nThe new test cases capture this example but if you want to test it\r\nlocally:\r\n- Create a connector and make sure to save the connector id\r\n```\r\ncurl -X POST -u {username}:{password} \"http://localhost:5601/api/actions/connector\" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'\r\n{\r\n \"connector_type_id\": \".server-log\",\r\n \"name\": \"server log\",\r\n \"config\": {},\r\n \"secrets\": {}\r\n}'\r\n```\r\n- Create the rule and let it run\r\n```\r\ncurl -X POST -u {username}:{password} \"http://localhost:5601/api/alerting/rule/\" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'\r\n{\r\n \"rule_type_id\": \"example.pattern\",\r\n \"name\": \"pattern\",\r\n \"schedule\": {\r\n \"interval\": \"5s\"\r\n },\r\n \"actions\": [\r\n { \"group\": \"default\", \"id\": {connector id}, \"params\": { \"message\": \"{{alert.id}} active on run {{context.runs}} step {{context.patternIndex}} flapping {{alert.flapping}}\"}},\r\n { \"group\": \"recovered\", \"id\": {connector id}, \"params\": { \"message\": \"{{alert.id}} recovered on run flapping {{alert.flapping}}\"}}\r\n ],\r\n \"consumer\": \"alerts\",\r\n \"tags\": [],\r\n \"notify_when\": \"onActionGroupChange\",\r\n \"params\": {\r\n \"patterns\": {\r\n \"instA\": \" a - - a - a - a - a - - - - - - - - \"\r\n }\r\n }\r\n}'\r\n\r\n```\r\n- Verify that you see the following, we want to make sure that aren't\r\nmissing any notifications\r\n\r\n![image](https://user-images.githubusercontent.com/109488926/221615405-48061d10-4b80-4b98-812a-6951da4178da.png)","sha":"5187a6f9aa706a94dbf759b12cc11940698a81b5"}},"sourceBranch":"main","suggestedTargetBranches":["8.7"],"targetPullRequestStates":[{"branch":"8.7","label":"v8.7.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/151148","number":151148,"mergeCommit":{"message":"[ResponseOps] Update flapping logic order to determine whether an alert is flapping after it's returned for notification (#151148)\n\nResolves https://github.com/elastic/kibana/issues/151135\r\n\r\n## Summary\r\n\r\nMoved the logic around to check flapping after an alert is already\r\nreturned for notification. I also updated the event log test cases to\r\nmatch examples in the rfc.\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n### To Verify\r\nThe new test cases capture this example but if you want to test it\r\nlocally:\r\n- Create a connector and make sure to save the connector id\r\n```\r\ncurl -X POST -u {username}:{password} \"http://localhost:5601/api/actions/connector\" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'\r\n{\r\n \"connector_type_id\": \".server-log\",\r\n \"name\": \"server log\",\r\n \"config\": {},\r\n \"secrets\": {}\r\n}'\r\n```\r\n- Create the rule and let it run\r\n```\r\ncurl -X POST -u {username}:{password} \"http://localhost:5601/api/alerting/rule/\" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'\r\n{\r\n \"rule_type_id\": \"example.pattern\",\r\n \"name\": \"pattern\",\r\n \"schedule\": {\r\n \"interval\": \"5s\"\r\n },\r\n \"actions\": [\r\n { \"group\": \"default\", \"id\": {connector id}, \"params\": { \"message\": \"{{alert.id}} active on run {{context.runs}} step {{context.patternIndex}} flapping {{alert.flapping}}\"}},\r\n { \"group\": \"recovered\", \"id\": {connector id}, \"params\": { \"message\": \"{{alert.id}} recovered on run flapping {{alert.flapping}}\"}}\r\n ],\r\n \"consumer\": \"alerts\",\r\n \"tags\": [],\r\n \"notify_when\": \"onActionGroupChange\",\r\n \"params\": {\r\n \"patterns\": {\r\n \"instA\": \" a - - a - a - a - a - - - - - - - - \"\r\n }\r\n }\r\n}'\r\n\r\n```\r\n- Verify that you see the following, we want to make sure that aren't\r\nmissing any notifications\r\n\r\n![image](https://user-images.githubusercontent.com/109488926/221615405-48061d10-4b80-4b98-812a-6951da4178da.png)","sha":"5187a6f9aa706a94dbf759b12cc11940698a81b5"}}]}] BACKPORT--> Co-authored-by: Alexi Doak <109488926+doakalexi@users.noreply.github.com>
…rt is flapping after it's returned for notification (elastic#151148) Resolves elastic#151135 ## Summary Moved the logic around to check flapping after an alert is already returned for notification. I also updated the event log test cases to match examples in the rfc. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### To Verify The new test cases capture this example but if you want to test it locally: - Create a connector and make sure to save the connector id ``` curl -X POST -u {username}:{password} "http://localhost:5601/api/actions/connector" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "connector_type_id": ".server-log", "name": "server log", "config": {}, "secrets": {} }' ``` - Create the rule and let it run ``` curl -X POST -u {username}:{password} "http://localhost:5601/api/alerting/rule/" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "rule_type_id": "example.pattern", "name": "pattern", "schedule": { "interval": "5s" }, "actions": [ { "group": "default", "id": {connector id}, "params": { "message": "{{alert.id}} active on run {{context.runs}} step {{context.patternIndex}} flapping {{alert.flapping}}"}}, { "group": "recovered", "id": {connector id}, "params": { "message": "{{alert.id}} recovered on run flapping {{alert.flapping}}"}} ], "consumer": "alerts", "tags": [], "notify_when": "onActionGroupChange", "params": { "patterns": { "instA": " a - - a - a - a - a - - - - - - - - " } } }' ``` - Verify that you see the following, we want to make sure that aren't missing any notifications ![image](https://user-images.githubusercontent.com/109488926/221615405-48061d10-4b80-4b98-812a-6951da4178da.png)
…rt is flapping after it's returned for notification (elastic#151148) Resolves elastic#151135 ## Summary Moved the logic around to check flapping after an alert is already returned for notification. I also updated the event log test cases to match examples in the rfc. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### To Verify The new test cases capture this example but if you want to test it locally: - Create a connector and make sure to save the connector id ``` curl -X POST -u {username}:{password} "http://localhost:5601/api/actions/connector" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "connector_type_id": ".server-log", "name": "server log", "config": {}, "secrets": {} }' ``` - Create the rule and let it run ``` curl -X POST -u {username}:{password} "http://localhost:5601/api/alerting/rule/" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "rule_type_id": "example.pattern", "name": "pattern", "schedule": { "interval": "5s" }, "actions": [ { "group": "default", "id": {connector id}, "params": { "message": "{{alert.id}} active on run {{context.runs}} step {{context.patternIndex}} flapping {{alert.flapping}}"}}, { "group": "recovered", "id": {connector id}, "params": { "message": "{{alert.id}} recovered on run flapping {{alert.flapping}}"}} ], "consumer": "alerts", "tags": [], "notify_when": "onActionGroupChange", "params": { "patterns": { "instA": " a - - a - a - a - a - - - - - - - - " } } }' ``` - Verify that you see the following, we want to make sure that aren't missing any notifications ![image](https://user-images.githubusercontent.com/109488926/221615405-48061d10-4b80-4b98-812a-6951da4178da.png)
…rt is flapping after it's returned for notification (#151148) Resolves #151135 ## Summary Moved the logic around to check flapping after an alert is already returned for notification. I also updated the event log test cases to match examples in the rfc. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### To Verify The new test cases capture this example but if you want to test it locally: - Create a connector and make sure to save the connector id ``` curl -X POST -u {username}:{password} "http://localhost:5601/api/actions/connector" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "connector_type_id": ".server-log", "name": "server log", "config": {}, "secrets": {} }' ``` - Create the rule and let it run ``` curl -X POST -u {username}:{password} "http://localhost:5601/api/alerting/rule/" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' { "rule_type_id": "example.pattern", "name": "pattern", "schedule": { "interval": "5s" }, "actions": [ { "group": "default", "id": {connector id}, "params": { "message": "{{alert.id}} active on run {{context.runs}} step {{context.patternIndex}} flapping {{alert.flapping}}"}}, { "group": "recovered", "id": {connector id}, "params": { "message": "{{alert.id}} recovered on run flapping {{alert.flapping}}"}} ], "consumer": "alerts", "tags": [], "notify_when": "onActionGroupChange", "params": { "patterns": { "instA": " a - - a - a - a - a - - - - - - - - " } } }' ``` - Verify that you see the following, we want to make sure that aren't missing any notifications ![image](https://user-images.githubusercontent.com/109488926/221615405-48061d10-4b80-4b98-812a-6951da4178da.png)
Resolves #151135
Summary
Moved the logic around to check flapping after an alert is already returned for notification. I also updated the event log test cases to match examples in the rfc.
Checklist
To Verify
The new test cases capture this example but if you want to test it locally: