Add new gap fill status for rules#242595
Conversation
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
nkhristinin
added
release_note:enhancement
backport:skip
… into rules-with-gap-status
…ection_engine/rule_management_ui/components/rules_table/use_columns.tsx Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
|
Hey, @maximpn, @approksiu I make gap fill status filter available only on rule monitoring tab. With those changes I removed ability to store this filter in URL, so when page reload or we leave rule monitoring tab - gap fill status will be reseted |
yes, its how it works right now |
|
@elasticmachine merge upstream |
maximpn
left a comment
maximpn
left a comment
There was a problem hiding this comment.
@nkhristinin Thanks for addressing my critical comments and removing Gap fill status filter from the Installed Rules table 🙏
Some of my comments are still relevant. For example total number of rules with gaps number is flickering upon loading. Most probably we should have a task to track them.
💚 Build Succeeded
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
Page load bundle
History
cc @nkhristinin |
ymao1
left a comment
ymao1
left a comment
There was a problem hiding this comment.
Response ops changes LGTM. Code review only
|
@elasticmachine merge upstream |
* commit '6647f813c9fa03ac0378e3d4756246e8dc4b4c76': (33 commits) [Detection Engine] Extracts Rules/Alerts/Exceptions permission to new Rules feature privileges (elastic#239634) [Agent Builder] Add Intro Tour (elastic#245551) Add datastream lifecycle support to indices metadata (elastic#245548) [Serverless] Update preconfigured connectors (elastic#245445) [Metrics][Discover] Discover to prefer line chars for time series data (elastic#244595) Update dependency @elastic/ebt to ^1.4.1 (main) (elastic#241629) [One Workflow] fix: request bodies with oneof schemas (`kibana.SetAlertsStatus`, etc) (elastic#245344) Update dependency ai to v5 (elastic#244675) Fix Discover trace waterfall behavior with duplicate spans (elastic#244984) [FSH] Migrated fs usage to kbn/fs for sample ingest (elastic#244163) Streamlang: Unskip type coercion test (elastic#245519) [Response Ops][Reporting] Fixing error in calculating delay value between retries (elastic#245431) Add TopNavMenuBeta to navigation plugin (elastic#243578) [scout] support custom servers configuration (elastic#244306) [Fleet] Run agentless background sync without dry run (elastic#245286) Fix Change Password Flaky Test (elastic#245443) Add new gap fill status for rules (elastic#242595) [Kibana Search] Move SLOs higher up in search results (elastic#245518) feat(slo): introduce find SLO instances internal route (elastic#245333) [FSH] Dropped unnecessary `fs` persistence for synthetics project code (elastic#244338) ...
nkhristinin
added
the
Team:Detection Engine
|
Pinging @elastic/security-detection-engine (Team:Detection Engine) |
9 participants
Add new gap fill status for rules
Short summary
What is gap fill status?
Gap fill status summarises all gaps fill for a rule within a time window using the following precedence:
unfilled > in_progress > filled
We plan to add an “error” status in the future for cases where a gap fill attempt failed.
API changes
Find rules :
GET /api/detection_engine/rules/_findgap_fill_statusesquery param (unfilled | in_progress | filled).gap_fill_statuses,gaps_range_start,gaps_range_end.Get rule IDs with gaps:
POST /internal/alerting/rules/gaps/_get_ruleshighest_priority_gap_fill_statusesto filter by per-rule gap fill status.Get gaps summary by rule IDs:
POST /internal/alerting/rules/gaps/_get_gaps_summary_by_rule_idsgap_fill_status(gap fill status) per rule.How to test
1. Ensure you have rules with gaps
There are two ways to create gaps:
Manual method
Using the tool
Run the following command to generate multiple rules and gaps (100 rules, 10 gaps each, 30-minute interval, remove all rules before):
2. UI
unfilled,in_progress, orfilled.