[Alerting] support for watcher-like "dynamic attachments" #64247
Labels
discuss
enhancement
New value added to drive a business result
estimate:needs-research
Estimated as too large and requires research to break down into workable issues
Feature:Alerting/RuleActions
Issues related to the Actions attached to Rules on the Alerting Framework
Feature:Alerting
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
Comments
pmuellr
added
enhancement
|
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
2 tasks
|
To research / discuss more |
gmmorris
added
the
Feature:Alerting/RuleActions
gmmorris
added
the
loe:needs-research
gmmorris
added
the
estimate:needs-research
gmmorris
removed
the
loe:needs-research
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Watcher provides a facility for extending the JSON payload of actions based on data coming from the output returned by executing the input. For example, populating Slack attachments from the output of an ES query.
We'd need a facility similar to this, to handle populating dynamic arrays of objects in a payload for a service. For example, populating a links property in PagerDuty.
Lots of conceptual problems here:
alerts and their actions don't really know about each other, and it seems unlikely that data would "just work" between an alert and action. For instance, in the PagerDuty example, an alert might have a list of links to provide to an action, but it's unlikely to know the exact shape that will work with every action, so who converts, say, an array of URLs from the alert, into an array of
{href, text}objects. Or should every alert provide a list of URLs in every format an action might want?are there cases where you'd want a fixed set of links (which you could set as parameters to the action) and then be able to add more from the alert dynamically?
what does the UI look like for this?
The text was updated successfully, but these errors were encountered: