[DOCS] Add solution selection to maintenance windows (#169441)

This commit is contained in:
Lisa Cawley 2023-11-03 11:36:55 -07:00 committed by GitHub
parent 0cd75d9126
commit 89dd69656c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 789 additions and 137 deletions


@ -63,9 +63,14 @@ context and state in action parameter templates, and a short human readable
description. When you create a rule in {kib}, it uses this information to prompt
you for these variables in action parameter editors.
// `alerts`:: TBD
`authorized_consumers`::
(object) The list of the plugins IDs that have access to the rule type.
`category`::
(string) The rule category, which is used by features such as category-specific maintenance windows.
`default_action_group_id`::
(string) The default ID for the rule type group.
@ -77,6 +82,10 @@ action.
(boolean) Indicates whether the rule type is enabled or disabled based on the
subscription.
// `has_alerts_mappings`:: TBD
// `has_fields_for_a_a_d`:: TBD
`id`::
(string) The unique identifier for the rule type.
@ -121,7 +130,28 @@ the API returns the following:
{
"id":"logs.alert.document.count",
"name":"Log threshold",
"category": "observability",
"producer":"logs",
"alerts": {
"context": "observability.logs",
"mappings": {
"fieldMap": {
"kibana.alert.evaluation.threshold": {
"type": "scaled_float",
"scaling_factor": 100,
"required": false
},
"kibana.alert.evaluation.value": {
"type": "scaled_float",
"scaling_factor": 100,
"required": false
},
...
}
},
"useEcs": true,
"useLegacyAlerts": true
},
"enabled_in_license":true,
"recovery_action_group":{
"id":"recovered",
@ -164,7 +194,10 @@ the API returns the following:
"logs":{"read":true,"all":false},
"alerts":{"read":true,"all":false}
},
"does_set_recovery_context":true
}
"does_set_recovery_context":true,
"has_alerts_mappings": true,
"has_fields_for_a_a_d": true
},
....
]
--------------------------------------------------



@ -11,7 +11,7 @@ preview::[]
You can schedule single or recurring maintenance windows to temporarily reduce rule notifications.
For example, a maintenance window prevents false alarms during planned outages.
Maintenance windows affect all rules in all {kib} apps and spaces.
By default, maintenance windows affect all rules in all {kib} apps and spaces.
Alerts continue to be generated, however notifications are suppressed as follows:
- When an alert occurs during a maintenance window, there are no notifications.
@ -42,6 +42,10 @@ You can optionally configure it to repeat daily, monthly, yearly, or on a custom
image::images/create-maintenance-window.png[The Create Maintenance Window user interface in {kib}]
// NOTE: This is an autogenerated screenshot. Do not edit it directly.
By default, maintenance windows affect all categories of rules.
The category-specific maintenance window options alter this behavior.
For the definitive list of rule types in each category, refer to the <<list-rule-types-api,get rule types API>>.
A maintenance window can have any one of the following statuses:
- `Upcoming`: It will run at the scheduled date and time.


@ -862,6 +862,9 @@
}
}
},
"alerts": {
"type": "object"
},
"authorized_consumers": {
"description": "The list of the plugins IDs that have access to the rule type.",
"type": "object",
@ -978,6 +981,15 @@
}
}
},
"category": {
"type": "string",
"description": "The rule category, which is used by features such as category-specific maintenance windows.",
"enum": [
"management",
"observability",
"securitySolution"
]
},
"default_action_group_id": {
"description": "The default identifier for the rule type group.",
"type": "string"
@ -990,6 +1002,12 @@
"description": "Indicates whether the rule type is enabled or disabled based on the subscription.",
"type": "boolean"
},
"has_alerts_mappings": {
"type": "boolean"
},
"has_fields_for_a_a_d": {
"type": "boolean"
},
"id": {
"description": "The unique identifier for the rule type.",
"type": "string"
@ -7570,6 +7588,127 @@
"value": [
{
"id": "xpack.ml.anomaly_detection_alert",
"name": "Anomaly detection alert",
"category": "management",
"producer": "ml",
"alerts": {
"context": "ml.anomaly-detection",
"mappings": {
"fieldMap": {
"kibana.alert.job_id": {
"type": "keyword",
"array": false,
"required": true
},
"kibana.alert.anomaly_score": {
"type": "double",
"array": false,
"required": false
},
"kibana.alert.is_interim": {
"type": "boolean",
"array": false,
"required": false
},
"kibana.alert.anomaly_timestamp": {
"type": "date",
"array": false,
"required": false
},
"kibana.alert.top_records": {
"type": "object",
"array": true,
"required": false,
"dynamic": false,
"properties": {
"job_id": {
"type": "keyword"
},
"record_score": {
"type": "double"
},
"initial_record_score": {
"type": "double"
},
"detector_index": {
"type": "integer"
},
"is_interim": {
"type": "boolean"
},
"timestamp": {
"type": "date"
},
"partition_field_name": {
"type": "keyword"
},
"partition_field_value": {
"type": "keyword"
},
"over_field_name": {
"type": "keyword"
},
"over_field_value": {
"type": "keyword"
},
"by_field_name": {
"type": "keyword"
},
"by_field_value": {
"type": "keyword"
},
"function": {
"type": "keyword"
},
"typical": {
"type": "double"
},
"actual": {
"type": "double"
},
"field_name": {
"type": "keyword"
}
}
},
"kibana.alert.top_influencers": {
"type": "object",
"array": true,
"required": false,
"dynamic": false,
"properties": {
"job_id": {
"type": "keyword"
},
"influencer_field_name": {
"type": "keyword"
},
"influencer_field_value": {
"type": "keyword"
},
"influencer_score": {
"type": "double"
},
"initial_influencer_score": {
"type": "double"
},
"is_interim": {
"type": "boolean"
},
"timestamp": {
"type": "date"
}
}
}
}
},
"shouldWrite": true
},
"enabled_in_license": true,
"recovery_action_group": {
"id": "recovered",
"name": "Recovered"
},
"action_groups": [
{
"id": "anomaly_score_match",
@ -7580,6 +7719,10 @@
"name": "Recovered"
}
],
"default_action_group_id": "anomaly_score_match",
"minimum_license_required": "platinum",
"is_exportable": true,
"rule_task_timeout": "5m",
"action_variables": {
"context": [
{
@ -7620,34 +7763,69 @@
"useWithTripleBracesInTemplates": true
}
],
"params": [],
"state": []
"state": [],
"params": []
},
"authorized_consumers": {
"alerts": {
"all": true,
"read": true
"read": true,
"all": true
},
"stackAlerts": {
"read": true,
"all": true
},
"slo": {
"read": true,
"all": true
},
"ml": {
"all": true,
"read": true
"read": true,
"all": true
},
"uptime": {
"read": true,
"all": true
},
"infrastructure": {
"read": true,
"all": true
},
"logs": {
"read": true,
"all": true
},
"monitoring": {
"read": true,
"all": true
},
"siem": {
"read": true,
"all": true
},
"apm": {
"read": true,
"all": true
},
"discover": {
"read": true,
"all": true
}
},
"default_action_group_id": "anomaly_score_match",
"does_set_recovery_context": true,
"enabled_in_license": true,
"is_exportable": true,
"minimum_license_required": "platinum",
"name": "Anomaly detection alert",
"has_alerts_mappings": true,
"has_fields_for_a_a_d": false
},
{
"id": "xpack.ml.anomaly_detection_jobs_health",
"name": "Anomaly detection jobs health",
"category": "management",
"producer": "ml",
"enabled_in_license": true,
"recovery_action_group": {
"id": "recovered",
"name": "Recovered"
},
"rule_task_timeout": "5m"
},
{
"id": "xpack.ml.anomaly_detection_jobs_health",
"action_groups": [
{
"id": "anomaly_detection_realtime_issue",
@ -7658,6 +7836,10 @@
"name": "Recovered"
}
],
"default_action_group_id": "anomaly_detection_realtime_issue",
"minimum_license_required": "platinum",
"is_exportable": true,
"rule_task_timeout": "5m",
"action_variables": {
"context": [
{
@ -7669,31 +7851,58 @@
"description": "Alert info message"
}
],
"params": [],
"state": []
"state": [],
"params": []
},
"authorized_consumers": {
"alerts": {
"all": true,
"read": true
"read": true,
"all": true
},
"stackAlerts": {
"read": true,
"all": true
},
"slo": {
"read": true,
"all": true
},
"ml": {
"all": true,
"read": true
"read": true,
"all": true
},
"uptime": {
"read": true,
"all": true
},
"infrastructure": {
"read": true,
"all": true
},
"logs": {
"read": true,
"all": true
},
"monitoring": {
"read": true,
"all": true
},
"siem": {
"read": true,
"all": true
},
"apm": {
"read": true,
"all": true
},
"discover": {
"read": true,
"all": true
}
},
"default_action_group_id": "anomaly_detection_realtime_issue",
"does_set_recovery_context": true,
"enabled_in_license": true,
"is_exportable": true,
"minimum_license_required": "platinum",
"name": "Anomaly detection jobs health",
"producer": "ml",
"recovery_action_group": {
"id": "recovered",
"name": "Recovered"
},
"rule_task_timeout": "5m"
"has_alerts_mappings": false,
"has_fields_for_a_a_d": false
}
]
}


@ -550,6 +550,8 @@ paths:
type: string
name:
type: string
alerts:
type: object
authorized_consumers:
description: The list of the plugins IDs that have access to the rule type.
type: object
@ -624,6 +626,13 @@ paths:
type: boolean
read:
type: boolean
category:
type: string
description: The rule category, which is used by features such as category-specific maintenance windows.
enum:
- management
- observability
- securitySolution
default_action_group_id:
description: The default identifier for the rule type group.
type: string
@ -633,6 +642,10 @@ paths:
enabled_in_license:
description: Indicates whether the rule type is enabled or disabled based on the subscription.
type: boolean
has_alerts_mappings:
type: boolean
has_fields_for_a_a_d:
type: boolean
id:
description: The unique identifier for the rule type.
type: string
@ -5357,11 +5370,101 @@ components:
summary: Retrieve rule types associated with Kibana machine learning features
value:
- id: xpack.ml.anomaly_detection_alert
name: Anomaly detection alert
category: management
producer: ml
alerts:
context: ml.anomaly-detection
mappings:
fieldMap:
kibana.alert.job_id:
type: keyword
array: false
required: true
kibana.alert.anomaly_score:
type: double
array: false
required: false
kibana.alert.is_interim:
type: boolean
array: false
required: false
kibana.alert.anomaly_timestamp:
type: date
array: false
required: false
kibana.alert.top_records:
type: object
array: true
required: false
dynamic: false
properties:
job_id:
type: keyword
record_score:
type: double
initial_record_score:
type: double
detector_index:
type: integer
is_interim:
type: boolean
timestamp:
type: date
partition_field_name:
type: keyword
partition_field_value:
type: keyword
over_field_name:
type: keyword
over_field_value:
type: keyword
by_field_name:
type: keyword
by_field_value:
type: keyword
function:
type: keyword
typical:
type: double
actual:
type: double
field_name:
type: keyword
kibana.alert.top_influencers:
type: object
array: true
required: false
dynamic: false
properties:
job_id:
type: keyword
influencer_field_name:
type: keyword
influencer_field_value:
type: keyword
influencer_score:
type: double
initial_influencer_score:
type: double
is_interim:
type: boolean
timestamp:
type: date
shouldWrite: true
enabled_in_license: true
recovery_action_group:
id: recovered
name: Recovered
action_groups:
- id: anomaly_score_match
name: Anomaly score matched the condition
- id: recovered
name: Recovered
default_action_group_id: anomaly_score_match
minimum_license_required: platinum
is_exportable: true
rule_task_timeout: 5m
action_variables:
context:
- name: timestamp
@ -5383,55 +5486,104 @@ components:
- name: anomalyExplorerUrl
description: URL to open in the Anomaly Explorer
useWithTripleBracesInTemplates: true
params: []
state: []
params: []
authorized_consumers:
alerts:
all: true
read: true
all: true
stackAlerts:
read: true
all: true
slo:
read: true
all: true
ml:
all: true
read: true
default_action_group_id: anomaly_score_match
all: true
uptime:
read: true
all: true
infrastructure:
read: true
all: true
logs:
read: true
all: true
monitoring:
read: true
all: true
siem:
read: true
all: true
apm:
read: true
all: true
discover:
read: true
all: true
does_set_recovery_context: true
enabled_in_license: true
is_exportable: true
minimum_license_required: platinum
name: Anomaly detection alert
has_alerts_mappings: true
has_fields_for_a_a_d: false
- id: xpack.ml.anomaly_detection_jobs_health
name: Anomaly detection jobs health
category: management
producer: ml
enabled_in_license: true
recovery_action_group:
id: recovered
name: Recovered
rule_task_timeout: 5m
- id: xpack.ml.anomaly_detection_jobs_health
action_groups:
- id: anomaly_detection_realtime_issue
name: Issue detected
- id: recovered
name: Recovered
default_action_group_id: anomaly_detection_realtime_issue
minimum_license_required: platinum
is_exportable: true
rule_task_timeout: 5m
action_variables:
context:
- name: results
description: Results of the rule execution
- name: message
description: Alert info message
params: []
state: []
params: []
authorized_consumers:
alerts:
all: true
read: true
all: true
stackAlerts:
read: true
all: true
slo:
read: true
all: true
ml:
all: true
read: true
default_action_group_id: anomaly_detection_realtime_issue
all: true
uptime:
read: true
all: true
infrastructure:
read: true
all: true
logs:
read: true
all: true
monitoring:
read: true
all: true
siem:
read: true
all: true
apm:
read: true
all: true
discover:
read: true
all: true
does_set_recovery_context: true
enabled_in_license: true
is_exportable: true
minimum_license_required: platinum
name: Anomaly detection jobs health
producer: ml
recovery_action_group:
id: recovered
name: Recovered
rule_task_timeout: 5m
has_alerts_mappings: false
has_fields_for_a_a_d: false


@ -1,81 +1,322 @@
summary: Retrieve rule types associated with Kibana machine learning features
value:
- id: xpack.ml.anomaly_detection_alert
action_groups:
- id: anomaly_score_match
name: Anomaly score matched the condition
- id: recovered
name: Recovered
action_variables:
context:
- name: timestamp
description: The bucket timestamp of the anomaly
- name: timestampIso8601
description: The bucket time of the anomaly in ISO8601 format
- name: jobIds
description: List of job IDs that triggered the alert
- name: message
description: Alert info message
- name: isInterim
description: Indicate if top hits contain interim results
- name: score
description: Anomaly score at the time of the notification action
- name: topRecords
description: Top records
- name: topInfluencers
description: Top influencers
- name: anomalyExplorerUrl
description: URL to open in the Anomaly Explorer
useWithTripleBracesInTemplates: true
params: []
state: []
authorized_consumers:
alerts:
all: true
read: true
ml:
all: true
read: true
default_action_group_id: anomaly_score_match
does_set_recovery_context: true
enabled_in_license: true
is_exportable: true
minimum_license_required: platinum
name: Anomaly detection alert
producer: ml
recovery_action_group:
id: recovered
name: Recovered
rule_task_timeout: 5m
- id: xpack.ml.anomaly_detection_jobs_health
action_groups:
- id: anomaly_detection_realtime_issue
name: Issue detected
- id: recovered
name: Recovered
action_variables:
context:
- name: results
description: Results of the rule execution
- name: message
description: Alert info message
params: []
state: []
authorized_consumers:
alerts:
all: true
read: true
ml:
all: true
read: true
default_action_group_id: anomaly_detection_realtime_issue
does_set_recovery_context: true
enabled_in_license: true
is_exportable: true
minimum_license_required: platinum
name: Anomaly detection jobs health
producer: ml
recovery_action_group:
id: recovered
name: Recovered
rule_task_timeout: 5m
[
{
"id": "xpack.ml.anomaly_detection_alert",
"name": "Anomaly detection alert",
"category": "management",
"producer": "ml",
"alerts": {
"context": "ml.anomaly-detection",
"mappings": {
"fieldMap": {
"kibana.alert.job_id": {
"type": "keyword",
"array": false,
"required": true
},
"kibana.alert.anomaly_score": {
"type": "double",
"array": false,
"required": false
},
"kibana.alert.is_interim": {
"type": "boolean",
"array": false,
"required": false
},
"kibana.alert.anomaly_timestamp": {
"type": "date",
"array": false,
"required": false
},
"kibana.alert.top_records": {
"type": "object",
"array": true,
"required": false,
"dynamic": false,
"properties": {
"job_id": {
"type": "keyword"
},
"record_score": {
"type": "double"
},
"initial_record_score": {
"type": "double"
},
"detector_index": {
"type": "integer"
},
"is_interim": {
"type": "boolean"
},
"timestamp": {
"type": "date"
},
"partition_field_name": {
"type": "keyword"
},
"partition_field_value": {
"type": "keyword"
},
"over_field_name": {
"type": "keyword"
},
"over_field_value": {
"type": "keyword"
},
"by_field_name": {
"type": "keyword"
},
"by_field_value": {
"type": "keyword"
},
"function": {
"type": "keyword"
},
"typical": {
"type": "double"
},
"actual": {
"type": "double"
},
"field_name": {
"type": "keyword"
}
}
},
"kibana.alert.top_influencers": {
"type": "object",
"array": true,
"required": false,
"dynamic": false,
"properties": {
"job_id": {
"type": "keyword"
},
"influencer_field_name": {
"type": "keyword"
},
"influencer_field_value": {
"type": "keyword"
},
"influencer_score": {
"type": "double"
},
"initial_influencer_score": {
"type": "double"
},
"is_interim": {
"type": "boolean"
},
"timestamp": {
"type": "date"
}
}
}
}
},
"shouldWrite": true
},
"enabled_in_license": true,
"recovery_action_group": {
"id": "recovered",
"name": "Recovered"
},
"action_groups": [
{
"id": "anomaly_score_match",
"name": "Anomaly score matched the condition"
},
{
"id": "recovered",
"name": "Recovered"
}
],
"default_action_group_id": "anomaly_score_match",
"minimum_license_required": "platinum",
"is_exportable": true,
"rule_task_timeout": "5m",
"action_variables": {
"context": [
{
"name": "timestamp",
"description": "The bucket timestamp of the anomaly"
},
{
"name": "timestampIso8601",
"description": "The bucket time of the anomaly in ISO8601 format"
},
{
"name": "jobIds",
"description": "List of job IDs that triggered the alert"
},
{
"name": "message",
"description": "Alert info message"
},
{
"name": "isInterim",
"description": "Indicate if top hits contain interim results"
},
{
"name": "score",
"description": "Anomaly score at the time of the notification action"
},
{
"name": "topRecords",
"description": "Top records"
},
{
"name": "topInfluencers",
"description": "Top influencers"
},
{
"name": "anomalyExplorerUrl",
"description": "URL to open in the Anomaly Explorer",
"useWithTripleBracesInTemplates": true
}
],
"state": [],
"params": []
},
"authorized_consumers": {
"alerts": {
"read": true,
"all": true
},
"stackAlerts": {
"read": true,
"all": true
},
"slo": {
"read": true,
"all": true
},
"ml": {
"read": true,
"all": true
},
"uptime": {
"read": true,
"all": true
},
"infrastructure": {
"read": true,
"all": true
},
"logs": {
"read": true,
"all": true
},
"monitoring": {
"read": true,
"all": true
},
"siem": {
"read": true,
"all": true
},
"apm": {
"read": true,
"all": true
},
"discover": {
"read": true,
"all": true
}
},
"does_set_recovery_context": true,
"has_alerts_mappings": true,
"has_fields_for_a_a_d": false
},
{
"id": "xpack.ml.anomaly_detection_jobs_health",
"name": "Anomaly detection jobs health",
"category": "management",
"producer": "ml",
"enabled_in_license": true,
"recovery_action_group": {
"id": "recovered",
"name": "Recovered"
},
"action_groups": [
{
"id": "anomaly_detection_realtime_issue",
"name": "Issue detected"
},
{
"id": "recovered",
"name": "Recovered"
}
],
"default_action_group_id": "anomaly_detection_realtime_issue",
"minimum_license_required": "platinum",
"is_exportable": true,
"rule_task_timeout": "5m",
"action_variables": {
"context": [
{
"name": "results",
"description": "Results of the rule execution"
},
{
"name": "message",
"description": "Alert info message"
}
],
"state": [],
"params": []
},
"authorized_consumers": {
"alerts": {
"read": true,
"all": true
},
"stackAlerts": {
"read": true,
"all": true
},
"slo": {
"read": true,
"all": true
},
"ml": {
"read": true,
"all": true
},
"uptime": {
"read": true,
"all": true
},
"infrastructure": {
"read": true,
"all": true
},
"logs": {
"read": true,
"all": true
},
"monitoring": {
"read": true,
"all": true
},
"siem": {
"read": true,
"all": true
},
"apm": {
"read": true,
"all": true
},
"discover": {
"read": true,
"all": true
}
},
"does_set_recovery_context": true,
"has_alerts_mappings": false,
"has_fields_for_a_a_d": false
}
]
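Review bot: The rewritten example body under `value:` is JSON flow style (quoted keys, braces, `[`/`]`), whereas the previous revision and the `summary:`/`value:` keys that appear to survive at the top of the hunk are YAML block style; JSON is a YAML subset, so nothing breaks, but the file is now inconsistent with itself and presumably with the sibling example files. If this is a paste of a live API response, consider converting it to block style (or keeping the whole file, wrapper included, as JSON) so that later edits to single fields produce readable diffs. Note also that the first rule type carries `alerts` with `shouldWrite: true` while the second has no `alerts` key at all, which the schema in this commit does not explain; a short comment above the example saying that `alerts` is only present when `has_alerts_mappings` is true, if that is indeed the rule, would help readers.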


@ -74,6 +74,8 @@ get:
type: string
name:
type: string
alerts:
type: object
authorized_consumers:
description: The list of the plugins IDs that have access to the rule type.
type: object
@ -148,6 +150,13 @@ get:
type: boolean
read:
type: boolean
category:
type: string
description: The rule category, which is used by features such as category-specific maintenance windows.
enum:
- management
- observability
- securitySolution
default_action_group_id:
description: The default identifier for the rule type group.
type: string
@ -157,6 +166,10 @@ get:
enabled_in_license:
description: Indicates whether the rule type is enabled or disabled based on the subscription.
type: boolean
has_alerts_mappings:
type: boolean
has_fields_for_a_a_d:
type: boolean
id:
description: The unique identifier for the rule type.
type: string
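Review bot: The properties added to the rule-type response schema here — `alerts` (`type: object` with no `properties`) and `has_alerts_mappings` / `has_fields_for_a_a_d` — have no `description`, unlike the neighbouring `authorized_consumers`, `category` and `enabled_in_license` entries, and the asciidoc in the same commit leaves them as `// TBD`. The examples in this commit show `alerts` carrying `context`, `mappings.fieldMap` and `shouldWrite` (and `useEcs`/`useLegacyAlerts` in the asciidoc example), none of which the schema declares, so an undescribed bare object tells an API consumer nothing about the shape it will receive. At minimum each property needs a one-line description — for example `description: Indicates whether the rule type defines alert field mappings.` on `has_alerts_mappings`, if that is what the flag conveys, and `has_fields_for_a_a_d` should spell out its abbreviation (presumably "alerts as data"; confirm with the alerting owners) — and `alerts` should either list `properties` for the documented keys or state `additionalProperties: true` with a description. The same undocumented properties appear in the bundled JSON and YAML earlier in this commit, which presumably are regenerated from this file, so fixing the source here should propagate.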