[Alerting] Add event log entry when a rule starts executing#102001
Merged
chrisronline merged 11 commits intoelastic:masterfrom Jun 17, 2021
Merged
[Alerting] Add event log entry when a rule starts executing#102001chrisronline merged 11 commits intoelastic:masterfrom
chrisronline merged 11 commits intoelastic:masterfrom
Conversation
chrisronline
added
Feature:Alerting
Feature:EventLog
Team:ResponseOps
Contributor
|
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
ymao1
reviewed
Jun 15, 2021
Contributor
|
There are some functional tests for event log in |
Contributor
Author
|
Great tip @ymao1! I've updated those tests to account for this new event log entry! |
ymao1
approved these changes
Jun 16, 2021
Contributor
ymao1
left a comment
ymao1
left a comment
There was a problem hiding this comment.
LGTM! Tested out some rules locally and saw the execute-start event log entry for event.provider: alerting.
Do you think we should add the same thing for actions? There is an execute document for actions that gets written at the end of action execution. Is there value in adding an execute-start document as well?
Contributor
Author
Contributor
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
mikecote
approved these changes
Jun 17, 2021
Contributor
mikecote
left a comment
mikecote
left a comment
There was a problem hiding this comment.
Changes LGTM! Tested locally and saw the start events logged.
chrisronline
added a commit
to chrisronline/kibana
that referenced
this pull request
Jun 17, 2021
…102001) * Add event log entry when a rule starts executing * Add in alertId * Add more logging and fix tests * Use existing startTiming logic * Add additional tests
chrisronline
added a commit
that referenced
this pull request
Jun 17, 2021
…#102558) * Add event log entry when a rule starts executing * Add in alertId * Add more logging and fix tests * Use existing startTiming logic * Add additional tests Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
jloleysens
added a commit
to jloleysens/kibana
that referenced
this pull request
Jun 18, 2021
…ets-tab * 'master' of github.com:elastic/kibana: (93 commits) [ML] Remove blank job definition as it is unused and out-of-sync with Elasticsearch (elastic#102506) [Lens] Fix wrong error detection on transition to Top values operation (elastic#102384) [ML] Anomaly detection job custom_settings improvements (elastic#102099) [Cases] Route: Get all alerts attach to a case (elastic#101878) Fixes wrong list exception type when creating endpoint event filters list (elastic#102522) remove search bar that's not working yet (elastic#102550) Migrated Ingest Node Pipeline Functional Tests to use test_user (elastic#102409) [Maps] clean up feature editing name space to avoid conflicts with layer settings editing (elastic#102516) [canvas] Refactor Storybook from bespoke to standard configuration (elastic#101962) [Security Solution] adds wrapSequences method (RAC) (elastic#102106) [FTR] Stabilize SSLP functional tests (elastic#102553) [K8] Added `Inter` font files for new theme (elastic#102359) [Workplace Search] Convert Groups pages to new page template (elastic#102449) [DOC] Add experimental disclaimer to rollup jobs (elastic#95624) [Security Solution][Endpoint] Suppress some of the jest console.error noise created by endpoint list middelware (elastic#102535) [Fleet] Improve performance of Fleet setup (elastic#102219) [Alerting] Add event log entry when a rule starts executing (elastic#102001) [Fleet] Update docker image of registry used in integration tests (elastic#101911) [Asset Management] Osquery telemetry updates (elastic#100754) Converts saved object tagging to new management layout (elastic#102284) ... # Conflicts: # x-pack/plugins/fleet/kibana.json
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolves #101507
This PR adds an additional event to the event log that indicates when an alert starts executing. Currently, we only log to the event log when the alert finishes execution which helps us understand what rules finished execution and when, but it does not tell us which rules started executing but never finished. This PR aims to address this which will help diagnose issues with rules not executing as expected.