[R&D] Data flow stopped rule #141936

Closed
miltonhultgren opened this issue Sep 27, 2022 · 4 comments
Labels
8.7 candidate enhancement New value added to drive a business result Platform Observability Platform Observability WG issues https://github.com/elastic/observability-dev/issues/2055 Team: Actionable Observability - DEPRECATED For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge"

Comments

@miltonhultgren
Contributor

As a follow-up to the investigation done here, we've identified a need to be able to define a rule that checks if data stops coming in from an expected source.

In the Stack Monitoring case we have regular SDHs where data stops coming in for some reason (config changes, cluster upgrades, outages or cluster overload). It would be great if we had a flexible way to create rules around such situations.

I'm not certain about what kind of granularity we should look at (pure document rate into an index/data stream with awareness of sending frequency, splitting by metricset, etc.).

Ideally, this rule would be made in a way that it can be used no matter what the source of data is; as long as we expect it to be coming into Elasticsearch, we should alert if it stops (with some config for how long an accepted delay might be).

@miltonhultgren miltonhultgren added the Team: Actionable Observability - DEPRECATED For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge" label Sep 27, 2022
@elasticmachine
Contributor

Pinging @elastic/actionable-observability (Team: Actionable Observability)

@miltonhultgren miltonhultgren changed the title [R&D] Data stopped rule [R&D] Data flow stopped rule Sep 27, 2022
@miltonhultgren miltonhultgren added Team:Infra Monitoring UI - DEPRECATED DEPRECATED - Label for the Infra Monitoring UI team. Use Team:obs-ux-infra_services Platform Observability Platform Observability WG issues https://github.com/elastic/observability-dev/issues/2055 labels Sep 27, 2022
@elasticmachine
Contributor

Pinging @elastic/infra-monitoring-ui (Team:Infra Monitoring UI)

@pmuellr
Member

pmuellr commented Oct 27, 2022

We've been talking about NO_DATA indications since when alerting started, but never came up with how we would actually do this. I think the rule executors would need to return an indication of this, since the framework can't figure it out. Should it be a new action group, like Recovered, which is provided by the framework? I think that was the direction I was thinking of going on that. Some discussion here: #51099

I'm not sure how long it would take us to do this; also not sure how it would interact with the current "NO DATA" action group already used by at least metric threshold. I'd think we'd want to make sure we could migrate from that existing one, to the new one, or just "make it work" with the existing one (even better).
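
An added example, not part of the issue thread and not Kibana code: a sketch of the check requested in the opening post (per-source sending period plus an accepted delay, split by metricset), with a separate state for expected sources that have no documents at all, in the spirit of the NO_DATA indication discussed in the comment above. All type names, function names and sample documents are hypothetical and constructed for illustration.

```typescript
// Added example: every name here is hypothetical, not Kibana's alerting API.
interface FlowDoc { source: string; metricset: string; timestamp: string }
interface Expectation {
  source: string;
  metricset: string;
  periodMs: number;        // how often the sender is expected to ship a document
  acceptedDelayMs: number; // extra slack before silence counts as a stop
}
type FlowState = "flowing" | "stopped" | "never_seen";
interface FlowResult { key: string; state: FlowState; silentForMs: number | null }

function evaluateDataFlow(docs: FlowDoc[], expected: Expectation[], nowMs: number): FlowResult[] {
  // Latest timestamp per source/metricset; unparseable timestamps are ignored.
  const lastSeen = new Map<string, number>();
  for (const doc of docs) {
    const ts = Date.parse(doc.timestamp);
    if (Number.isNaN(ts)) continue;
    const key = `${doc.source}/${doc.metricset}`;
    lastSeen.set(key, Math.max(ts, lastSeen.get(key) ?? -Infinity));
  }
  // Iterate the expectations, not the documents: a source that sent nothing
  // produces no bucket, so grouping the data alone would never report it.
  return expected.map((exp): FlowResult => {
    const key = `${exp.source}/${exp.metricset}`;
    const ts = lastSeen.get(key);
    if (ts === undefined) return { key, state: "never_seen", silentForMs: null };
    const silentForMs = Math.max(0, nowMs - ts); // clamp clock skew from future timestamps
    const state: FlowState = silentForMs > exp.periodMs + exp.acceptedDelayMs ? "stopped" : "flowing";
    return { key, state, silentForMs };
  });
}

// Constructed sample documents and expectations.
const sampleNowMs = Date.parse("2022-09-27T12:00:00Z");
const sampleDocs: FlowDoc[] = [
  { source: "es-node-1", metricset: "node_stats", timestamp: "2022-09-27T11:59:50Z" },
  { source: "es-node-2", metricset: "node_stats", timestamp: "2022-09-27T11:40:00Z" },
  { source: "es-node-2", metricset: "node_stats", timestamp: "invalid" },
  { source: "kibana-1", metricset: "stats", timestamp: "2022-09-27T12:00:05Z" },
];
const sampleExpected: Expectation[] = [
  { source: "es-node-1", metricset: "node_stats", periodMs: 10000, acceptedDelayMs: 60000 },
  { source: "es-node-2", metricset: "node_stats", periodMs: 10000, acceptedDelayMs: 60000 },
  { source: "kibana-1", metricset: "stats", periodMs: 10000, acceptedDelayMs: 60000 },
  { source: "logstash-1", metricset: "node", periodMs: 10000, acceptedDelayMs: 60000 },
];
const sampleResults = evaluateDataFlow(sampleDocs, sampleExpected, sampleNowMs);
console.log(sampleResults);
```

Keeping `never_seen` distinct from `stopped` lets a rule treat a source that was never onboarded differently from one that went silent after reporting.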

@simianhacker simianhacker added enhancement New value added to drive a business result 8.7 candidate labels Oct 27, 2022
@miltonhultgren miltonhultgren added Team: Actionable Observability - DEPRECATED For Observability Alerting and SLOs use "Team:obs-ux-management", for AIops "Team:obs-knowledge" and removed Team:Infra Monitoring UI - DEPRECATED DEPRECATED - Label for the Infra Monitoring UI team. Use Team:obs-ux-infra_services labels Jun 23, 2023
@katrin-freihofner
Contributor

@katrin-freihofner katrin-freihofner removed their assignment Nov 27, 2023
5 participants