search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.77k stars 8.18k forks source link

Alert simulation/preview #49411

Open mikecote opened 4 years ago

mikecote commented 4 years ago

Ability to preview how an alert / alert type would behave with a given set of parameters. This could be based on historical or mocked data.

elasticmachine commented 4 years ago

Pinging @elastic/kibana-stack-services (Team:Stack Services)

bvader commented 4 years ago

Hi Team, Thanks for considering this feature, it is very important. I am in the field already heavily using the new framework. Alert creation for user is like a mini code / feature / capability development and deployment cycle. So the ease to configure -> test -> observe -> correct cycle is very important especially when configuring the action. Example at a large customer that is integrating with and event management system via the webhook, which parses the alert to then pass on to their notification pipeline. Simulating the alert i.e. not having to deploy the alert, then cause the alert to fire (sometimes not so easy) will speed the up the alerting deployment cycle time and effort, reduce errors / missed alerts and increase the speed to value.

So as an alert creation owner, I want to simulate the alert firing to reduce the time it take for me to deploy a correct and useful alert with minimal time and debug cycle and errors.

pmuellr commented 3 years ago

I created a feature enhancement issue #84417 regarding an "explain" capability for the alerts underlying queries - brief discussion on this noted that this is kind of a baby-step towards alert simulation, so thought I'd reference it here.

arisonl commented 3 years ago

The ability to run simulation based off of synthetic test data is important in order to test behaviour under conditions and edge cases that are relatively rare and may not be present in the actual historical data.

XavierM commented 2 years ago

@mikecote and @gmmorris Can you help us to understand the features?

gmmorris commented 2 years ago

@mikecote and @gmmorris Can you help us to understand the features?

TBH this is more of a placeholder, as we don't quite know the feature requirements. We'd likely want parity with what Watcher provides, but we shouldn't approach this as a copy of Watcher, but rather as an opportunity to find out what our customers might actually want here.

It would be worth chatting with Product.