Nested grouping-over #66052
Comments
arisonl
added
Feature:Alerting
Team:ResponseOps
|
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
|
This presumably for the built-in index threshold? I don't think there's anything alert-generic about this request, but not entirely sure. And if the question is about an existing alert besides the index threshold alert, we'll want an issue for that alert as well (eg, an observability-provided alert). I think the implication is that we can have multiple top-N groups in the search spec that gets built, where we have a single one today. It seems like it should be a limited grouping (using the same sort of top-N limit), to keep the ES query less expensive (in the worst case). This will likely be a usefulness blocker: #64268 - the instanceIds for an alert with N groups will be something like We'll have to think about how to represent the group data in the context here - I guess it will need to be an array of groups, where we have a single group today. |
|
We're tracking this request here: #65119 |
gmmorris
added
the
Feature:Alerting/RuleTypes
gmmorris
added
loe:large
gmmorris
added
enhancement
gmmorris
removed
the
loe:needs-research
|
Closing as implemented within O11y. |
As an alerting user I want to be able to generate separate alert instances by defining a group-over a field within a group-over (nested group-overs). As a solutions-specific example, metrics would like to be able to determine an alert per disk, per host (see 'Separate alerts are sent for each combination of host and disk' section.
The text was updated successfully, but these errors were encountered: