[Logs UI][Rules] Refactor Logs Threshold Rule to push evaluations to Elasticsearch

elastic / kibana

Your window into the Elastic Stack

https://www.elastic.co/products/kibana

Other

19.7k stars 8.24k forks source link

[Logs UI][Rules] Refactor Logs Threshold Rule to push evaluations to Elasticsearch #127925

Open simianhacker opened 2 years ago

simianhacker commented 2 years ago

This is related to the work done in #125034 and #126214. We need to push the evaluations for the Log Threshold Rule down to Elasticsearch using a combination of bucket_scripts and a bucket_selector to determine if the rule should trigger alerts. We should use a similar technique as described in this comment on a Stack Monitoring issue: https://github.com/elastic/kibana/issues/126709#issuecomment-1057459772

elasticmachine commented 2 years ago

Pinging @elastic/infra-monitoring-ui (Team:Infra Monitoring UI)

elasticmachine commented 1 year ago

Pinging @elastic/obs-ux-logs-team (Team:obs-ux-logs)