search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.64k stars 8.23k forks source link

[o11y alerting] Removing alerts group buttons #160529

Open emma-raffenne opened 1 year ago

emma-raffenne commented 1 year ago

After brainstorm and user activity analysis with @katrin-freihofner we decided to remove the group button from Alerts list view.

issue53-img1

They are causing confusion and are in Primary action / CTA style, it takes user attention and suggests to click on it, and in fullstory videos we observe that our users after loading empty list of alerts are clicking through these 3 buttons trying to find an alert. The list of All alerts is showing 0 results, but user still clicks on Active to check if there is any, so it's not intuitive, that Active button is showing just a subset / filter to the alert list.

Also we have added "Active now" metric on top of alerts list, so now it's a duplicate.

issue53-img2

Also security alerts list got rig of this solution some time ago, and Alert status is presented as a dedicated dropdown control:

issue53-img3
elasticmachine commented 1 year ago

Pinging @elastic/actionable-observability (Team: Actionable Observability)

maryam-saeidi commented 1 year ago

Isn't it a duplicate for this ticket? https://github.com/elastic/kibana/issues/143561

maciejforcone commented 1 year ago

oh yes, looks like it is, sorry for confusion.

maryam-saeidi commented 1 year ago

Closed as it is duplicated

katrin-freihofner commented 1 year ago

These are two different things to me. One is removing the button group, the other one is moving the functionality to a dropdown.

I suggest we only remove the button group for now (we currently don't have any indication that this is needed).

maryam-saeidi commented 1 year ago

@katrin-freihofner I remember a request internally about also adding rule types as a filter, so if we use controls, we can add multiple filters (status, rule category, ...) based on what we know can be useful for the user.

I also saw your comment here, which is a nice option, but not sure how easily it can be implemented.

So we have three options:

  1. Removing the status filter (easiest)
  2. Using control for status filter and possibly having rule category filter (I need to check the data view permission for this one)
  3. Implementing filter for values in the table (Need to align with @XavierM and ResponseOps team)

So @katrin-freihofner and @maciejforcone, do you have enough information to decide, or do you need input regarding how much time is needed to implement each option?

katrin-freihofner commented 1 year ago

@maryam-saeidi I think we should go with

  1. Removing the status filter (easiest)

and start talking to the responseOps team to learn more about the effort needed to improve the alert table UX (your point 3)

maryam-saeidi commented 1 year ago

@katrin-freihofner Just one point, since this component is also used in APM (PR), do we need to align with them? (They also had this filter even before adding the search bar)

katrin-freihofner commented 1 year ago

@maryam-saeidi yes, good point. I will reach out.

katrin-freihofner commented 1 year ago

Folks from both, Infra and APM are okay with the changes.

maryam-saeidi commented 1 year ago

Cool, so I reopen this one and close the other one.