[Discuss] Sort and filter options in the alert management view #58366
Comments
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
I think the filter by status should be handled by this related issue: #51099. At some point I think we were able to filter by tag (#51727), perhaps we suppressed it along the way. |
An updated list view of the Alert management view:
Added in switches so it's easier to see which are enabled
I think the table can by default be sorted by last fired. The tags are back to simple text from the previous mockup shown in #58493 since we wanted to explore if it was possible to show them inline. This may clutter up the rows a bit (badges/pills did so even more) and I believe the filtering for these works slightly differently than the others, so we could go back to including these in the expanded row view to allow for more flexibility. |
Alex has captured the most important aspects. I am adding a few thoughts, building on his comments (and possibly stretching it a bit):
|
Can you expand a bit on this? Curious why people would want to do this and how it persists after interacting with other filters
This is a good point and wondering if this warrants more attention in the alert detail view as well.
I apologize for my mockup not accurately showing the sorting. Clicking the name column should sort alphabetically by alert name
Yes, I think so. To your last point, we've tried tackling some of the filter issues here: #58362. As you mentioned, types with zero alerts should not appear in the filter options, or at least be disabled to avoid this scenario |
@mdefazio many thanks for the quick response and link. This might not be applicable here or it might be of low priority for future consideration, but in the context of saved objects where there is a similar list view, I've seen users wanting the ability to arrange the list of objects manually so that the most important ones are in direct reach, remain on top etc (in the presence of many objects) or have another means of organising (e.g. folders). We have tags here, which is great. |
@mdefazio UX question on the order of the columns in this view. More specifically, the |
Good catch. I'll reorder the columns so they are next to the status. Perhaps using a checkbox for the mute option will help this read easier? |
Checkbox makes sense, also if we prefer to keep the toggle we could add a muted icon next to it when enabled. Whatever you think makes the most sense from a UX perspective. Btw, what are the possible statuses, have we defined them all? Curious how the enable and mute actions map to them. |
This one is covered in #59964 and should be fixed in 7.7 |
Here is a summary of the feedback covered here and links to the issues covering them:
|
I had a chat with @mdefazio on the default sorting that we should do on this list. Now that alert statuses are coming soon, we could sort by most severe status (ex: order by error, active, ok, no data). A secondary sort as well could be: last edit, last executed or name. @mdefazio sorting by last edit would solve the problem where you don't see the newly created alert in the list after saving, though it may not work if we primarily sort by status then last edit? |
Right, I think we stick with default sort of last edit. Then leave it up to the user to sort by status. If we have the banner or the health status bar above the table (or both) they will easily be able to see if there are any alerts with errors |
I've converted the list in comment ^^^ to a task list, and added "default sort by last edit" as it was added after the list
|
@peterschretlen any news on when this might be done? ;) |
Does this issue get resolved when #104190 merges? |
After seeing the updates on siem.estc.dev, I came across a few issues:
Happy to make specific issues if others also see these |
@mdefazio Can you create a new issue for your comment? |
I spun up the SIEM dev environment and noticed that the rules created end up taking over the alert management UI.
Some issues that I came across below:
Some suggestions that might make this experience easier
cc: @mdefazio @arisonl @peterschretlen