[9.3] [Obs AI] Extend get_services tool and add get_trace_metrics tool (#247474) | [Obs AI] Replace get_data_sources with get_index_info tool (#248234) #249116
Merged
sorenlouv merged 8 commits into elastic:9.3 from Jan 16, 2026
…lastic#247474)

Closes elastic/obs-ai-team#427
Closes elastic/obs-ai-team#409

This PR includes the following changes

1. Extend the `get_services` tool to retrieve services from logs and metrics.
2. Adds a new tool to retrieve RED metrics for services - `get_trace_metrics`
3. Allows drilling down into a particular service for further investigation

Differences between the 2 tools:

| Tool | get_services | get_trace_metrics |
| -- | -- | -- |
| Purpose | High-level overview of all services | Detailed drill-down into specific services |
| Data Sources | APM, Logs, and Metrics | APM only (RED/trace metrics can be obtained only for APM services) |
| Filtering | By environment, health status | By KQL filter (any field) |
| Grouping | Fixed (by service) | Flexible (by transaction, host, container, etc.) |
| Transaction Types | Includes only the primary transaction type (the transaction type with the higher throughput) | Includes all transaction types |

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.

_Cursor + Claude-4.5-Opus-High was used in this PR_

---------

Co-authored-by: Arturo Lidueña <arturo.liduena@elastic.co>

(cherry picked from commit c8f30f8)
…ic#248234)

Closes elastic/obs-ai-team#455

This PR introduces the `get_index_info` tool which replaces `get_data_sources` and adds field discovery capabilities. This is similar to the `get_dataset_info` tool we have for Obs AI Assistant.

The tool has three operations:

**`get_index_info({ operation: "get-overview" })`**

Returns the same data sources as `get_data_sources` (APM indices, logs, metrics, alerts) plus a list of curated observability fields that exist in the cluster. Each field includes a `schema` indicator (`ecs`, `otel`, or `internal`).

**`get_index_info({ operation: "list-fields", index, start?, end?, kqlFilter?, intent? })`**

Returns fields with actual data. If the LLM specifies an `intent` and there are >100 fields, we filter them using a model to just the relevant ones.

**`get_index_info({ operation: "get-field-values", index, fields })`**

Returns field values:

- Distinct values for keyword fields
- Min/max ranges for numeric and date fields

The LLM needs to know what fields exist in the user's cluster before building queries. Without this, it guesses field names which leads to invalid filters and confusing errors. This is especially important because customers can use different schemas (ECS vs OTel).

Run the synthtrace scenario to populate observability indices with test data:

```bash
node scripts/synthtrace \
  src/platform/packages/shared/kbn-synthtrace/src/scenarios/agent_builder/tools/get_index_info/curated_fields.ts \
  --from "now-15m" --to "now" --clean --workers=1
```

```
POST kbn:///api/agent_builder/tools/_execute
{
  "tool_id": "observability.get_index_info",
  "tool_params": {
    "operation": "get-overview"
  }
}
```

```
POST kbn:///api/agent_builder/tools/_execute
{
  "tool_id": "observability.get_index_info",
  "tool_params": {
    "operation": "get-field-values",
    "index": "metrics-*",
    "fields": "host.name"
  }
}
```

(cherry picked from commit b6be8eb)
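An added example, not code from this PR or from Kibana: a TypeScript check that a model-produced `get_index_info` call matches one of the three operation shapes listed in the commit message before it is wrapped in the `_execute` request body. The function names and the string-only parameter types are assumptions; the operation names, parameter names and `tool_id` are taken from the commit message.

```typescript
// Added example. Parameter names per operation come from the commit message;
// treating every value as a string is an assumption based on its sample requests.
type ToolParams = Record<string, unknown>;
type OperationSpec = { required: string[]; optional: string[] };

const OPERATIONS: Record<string, OperationSpec> = {
  'get-overview': { required: [], optional: [] },
  'list-fields': { required: ['index'], optional: ['start', 'end', 'kqlFilter', 'intent'] },
  'get-field-values': { required: ['index', 'fields'], optional: [] },
};

// Returns a list of problems; an empty list means the call has a listed shape.
function validateIndexInfoParams(params: ToolParams): string[] {
  const op = params.operation;
  // Own-property check so names like "constructor" do not resolve via the prototype.
  if (typeof op !== 'string' || !Object.prototype.hasOwnProperty.call(OPERATIONS, op)) {
    return ['unknown operation: ' + String(op)];
  }
  const spec = OPERATIONS[op];
  if (!spec) return ['unknown operation: ' + op];
  const problems: string[] = [];
  for (const name of spec.required) {
    const value = params[name];
    if (typeof value !== 'string' || value.trim() === '') {
      problems.push('missing or empty: ' + name);
    }
  }
  for (const name of Object.keys(params)) {
    if (name === 'operation' || spec.required.indexOf(name) >= 0) continue;
    if (spec.optional.indexOf(name) < 0) {
      problems.push('unexpected parameter: ' + name);
    } else if (typeof params[name] !== 'string') {
      problems.push('not a string: ' + name);
    }
  }
  return problems;
}

// Wraps validated params in the request body shape shown in the commit message.
function buildExecuteBody(params: ToolParams): { tool_id: string; tool_params: ToolParams } {
  const problems = validateIndexInfoParams(params);
  if (problems.length > 0) throw new Error(problems.join('; '));
  return { tool_id: 'observability.get_index_info', tool_params: params };
}
```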
Pinging @elastic/obs-presentation-team (Team:obs-presentation)
viduni94 reviewed Jan 15, 2026
x-pack/solutions/security/test/security_solution_endpoint/apps/integrations/policy_details.ts
viduni94 approved these changes Jan 15, 2026
💛 Build succeeded, but was flaky
Failed CI Steps
Test Failures
Metrics [docs]
Public APIs missing comments
Backport

This will backport the following commits from `main` to `9.3`:

- [Obs AI] Extend `get_services` tool and add `get_trace_metrics` tool (#247474)
- [Obs AI] Replace `get_data_sources` with `get_index_info` tool (#248234)

Questions?
Please refer to the Backport tool documentation