Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Custom threshold rule] Use lens chart with annotations in alert details page #175513

Merged

Conversation

benakansara
Copy link
Contributor

@benakansara benakansara commented Jan 25, 2024

Resolves #174075, #155691

  • Using same chart in alert details page as in rule flyout for preview
  • Group by info is applied as filter on chart data
  • Added annotations
    • For active alerts, added point annotation with alert start time and range annotation with range from alert start time till current time
    • For recovered alerts, added range annotation for alert duration

Active alert

Screenshot 2024-01-26 at 15 05 26 Screenshot 2024-01-26 at 15 09 44

Recovered alert

Screenshot 2024-01-26 at 14 53 08

@benakansara benakansara self-assigned this Jan 25, 2024
@apmmachine
Copy link
Contributor

🤖 GitHub comments

Expand to view the GitHub comments

Just comment with:

  • /oblt-deploy : Deploy a Kibana instance using the Observability test environments.
  • /oblt-deploy-serverless : Deploy a serverless Kibana instance using the Observability test environments.
  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@benakansara benakansara added release_note:skip Skip the PR/issue when compiling release notes Team:obs-ux-management Observability Management User Experience Team v8.13.0 labels Jan 25, 2024
@benakansara
Copy link
Contributor Author

/ci

@benakansara
Copy link
Contributor Author

/ci

@benakansara
Copy link
Contributor Author

/ci

@benakansara
Copy link
Contributor Author

/ci

@benakansara benakansara marked this pull request as ready for review January 26, 2024 14:21
@benakansara benakansara requested review from a team as code owners January 26, 2024 14:21
@elasticmachine
Copy link
Contributor

Pinging @elastic/obs-ux-management-team (Team:obs-ux-management)

@benakansara benakansara changed the title [Custom threshold rule] Reuse lens chart with annotations in alert details page [Custom threshold rule] Use lens chart with annotations in alert details page Jan 26, 2024
@benakansara benakansara linked an issue Jan 26, 2024 that may be closed by this pull request
1 task
Copy link
Contributor

@drewdaemon drewdaemon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Config builder changes are looking good! However, Lens really supports two distinct types of annotation layer: by-value and by-reference. You're currently using by-value.

Could we make that a bit more clear (e.g. rename xy_annotation_layer to xy_by_value_annotation_layer, have the class implement ChartLayer<XYByValueAnnotationLayer>, etc)?

Copy link
Member

@maryam-saeidi maryam-saeidi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good, added some comments. Will check it locally.

@@ -47,13 +58,15 @@ const getOperationTypeFromRuleAggType = (aggType: AggType): OperationType => {
export const getBufferThreshold = (threshold?: number): string =>
(Math.ceil((threshold || 0) * 1.1 * 100) / 100).toFixed(2).toString();

export function PreviewChart({
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PreviewChart was a more clear name as we refer to this component in our discussion as the preview chart instead of RuleConditionChart. Was the previous name confusing?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PreviewChart works well in context of rule configuration, when the purpose is to show user preview of data flow so that can define appropriate threshold. In context of alert details page, we are showing data at the time alert triggered and some data before and after alert to analyse. I think RuleConditionChart is a common name that would work for both purposes. We can rename it to something else to cover both use cases, so if you have any other suggestions, let me know.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see your point, no I don't have a better suggestion.

Would you mind renaming this component to PreviewChart in here to make it easier to find in the code?

import { RuleConditionChart as PreviewChart } from './components/rule_condition_chart/rule_condition_chart';

Copy link
Member

@maryam-saeidi maryam-saeidi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. In recovered scenario, I am missing the alert start annotation:
    image

  2. There is a gap between the alert annotation and the start of alert duration annotation:
    image

  3. Any idea why some bars are not fully included in the annotation? Is the highlighted one in the alert duration or not?
    image

@benakansara
Copy link
Contributor Author

@maryam-saeidi For recovered alerts, I have only added range annotation, do you think we should add alert start annotation as well? Let me check regarding active alert annotation, why there is a gap.

@maryam-saeidi
Copy link
Member

@maryam-saeidi For recovered alerts, I have only added range annotation, do you think we should add alert start annotation as well?

I remember we had it and I think it is a useful indication of when the alert started even if it is already recovered.

@@ -0,0 +1,66 @@
/*
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The attribute_builder will be deprecated in the future in favor of the config_builder created recently by the visualizations team.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@crespocarlos thanks for the heads up. I will create a separate issue to replace attribute_builder usage with config_builder in observability plugin.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

created #176146

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks @benakansara !

@benakansara
Copy link
Contributor Author

benakansara commented Feb 2, 2024

@maryam-saeidi I have added alert start annotation for recovered alerts as well. For the issue with gap between two annotations, I have applied workaround to change series type to bar_stacked for alert details page. When this is fixed, we can revert this change and keep bar as series type. Though in alert details page, we are showing only one bar, so visually there will be no difference.

Copy link
Member

@maryam-saeidi maryam-saeidi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 💯

Item number 1: Is there a config in lens to add the annotation before the bar not in the middle? Seems to me less confusing if the annotation covers the whole bar instead of half.
Item number 2: Any idea why the last section is not highlighted?

image

Recovered 😍
image

key: {
type: 'range',
timestamp: alertStart!,
endTimestamp: alertEnd ?? '',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thinking out loud: If we pass endTimestamp as undefined, would it be the same as the activeAlertRangeAnnotation annotation? So we don't need to define two range annotations and one would be enough.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, good idea. I updated the code in fa3df0d.

@benakansara
Copy link
Contributor Author

@maryam-saeidi

Item number 1: Is there a config in lens to add the annotation before the bar not in the middle? Seems to me less confusing if the annotation covers the whole bar instead of half.

What was the alert start time in this case? The annotation is placed at the exact timestamp, so it should not be always in middle. If the alert start time is 09:10:00, annotation will be placed at start of the bar. I think this is more accurate than placing annotation always at the start.

Alert at 22:16:02 - annotation almost at start of bar - bucket interval mintue
Screenshot 2024-02-02 at 22 26 52

Alert at 11:28:13 - annotation almost at middle of bar - bucket interval hour
Screenshot 2024-02-02 at 22 17 04

Item number 2: Any idea why the last section is not highlighted?

In the below screenshot, the bucket is of 5 minutes, and bucket for 22:35 is displayed which would cover 22:35-22:39 but current time is 22:37. We are showing range annotation till current time so there appears a gap for the time between 22:37-22:39. There may be a configuration in Lens to hide partial buckets. But I don't think we should apply that either because for rule interval like 1 hour, there will be no bucket shown for last hour until full bucket is computed.

Screenshot 2024-02-02 at 22 38 07

@benakansara benakansara enabled auto-merge (squash) February 2, 2024 21:54
@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
observability 597 587 -10
observabilityAIAssistant 224 225 +1
total -9

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
@kbn/lens-embeddable-utils 178 190 +12

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
observability 627.9KB 612.9KB -15.0KB

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

id before after diff
@kbn/lens-embeddable-utils 3 4 +1

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
observability 102.0KB 101.7KB -306.0B
Unknown metric groups

API count

id before after diff
@kbn/lens-embeddable-utils 181 193 +12

async chunk count

id before after diff
observability 22 23 +1

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @benakansara

@benakansara benakansara merged commit fa20457 into elastic:main Feb 2, 2024
17 checks passed
@kibanamachine kibanamachine added the backport:skip This commit does not require backporting label Feb 2, 2024
@maryam-saeidi
Copy link
Member

Item number 2: Any idea why the last section is not highlighted?

In the below screenshot, the bucket is of 5 minutes, and bucket for 22:35 is displayed which would cover 22:35-22:39 but current time is 22:37. We are showing range annotation till current time so there appears a gap for the time between 22:37-22:39. There may be a configuration in Lens to hide partial buckets. But I don't think we should apply that either because for rule interval like 1 hour, there will be no bucket shown for last hour until full bucket is computed.

Screenshot 2024-02-02 at 22 38 07

Thanks for the clarification.
For the second item, my concern is that the user might think that the alert is recovered because of the alert range annotation but the alert is actually active. So, I was thinking more about having the annotation till the end of the chart if possible.

fkanout pushed a commit to fkanout/kibana that referenced this pull request Feb 7, 2024
…ils page (elastic#175513)

Resolves elastic#174075,
elastic#155691

- Using same chart in alert details page as in rule flyout for preview
- Group by info is applied as filter on chart data
- Added annotations
- For active alerts, added point annotation with alert start time and
range annotation with range from alert start time till current time
  - For recovered alerts, added range annotation for alert duration

### Active alert
<img width="1257" alt="Screenshot 2024-01-26 at 15 05 26"
src="https://github.com/elastic/kibana/assets/69037875/d548b529-7811-4e3e-996d-aa4d259327b9">

<img width="1265" alt="Screenshot 2024-01-26 at 15 09 44"
src="https://github.com/elastic/kibana/assets/69037875/a01d0cdf-5254-484d-91b3-c45a846790a9">

### Recovered alert
<img width="1250" alt="Screenshot 2024-01-26 at 14 53 08"
src="https://github.com/elastic/kibana/assets/69037875/521a69a2-6a4a-4b9e-a886-3477c92d63ac">

---------

Co-authored-by: kibanamachine <[email protected]>
CoenWarmer pushed a commit to CoenWarmer/kibana that referenced this pull request Feb 15, 2024
…ils page (elastic#175513)

Resolves elastic#174075,
elastic#155691

- Using same chart in alert details page as in rule flyout for preview
- Group by info is applied as filter on chart data
- Added annotations
- For active alerts, added point annotation with alert start time and
range annotation with range from alert start time till current time
  - For recovered alerts, added range annotation for alert duration

### Active alert
<img width="1257" alt="Screenshot 2024-01-26 at 15 05 26"
src="https://github.com/elastic/kibana/assets/69037875/d548b529-7811-4e3e-996d-aa4d259327b9">

<img width="1265" alt="Screenshot 2024-01-26 at 15 09 44"
src="https://github.com/elastic/kibana/assets/69037875/a01d0cdf-5254-484d-91b3-c45a846790a9">

### Recovered alert
<img width="1250" alt="Screenshot 2024-01-26 at 14 53 08"
src="https://github.com/elastic/kibana/assets/69037875/521a69a2-6a4a-4b9e-a886-3477c92d63ac">

---------

Co-authored-by: kibanamachine <[email protected]>
fkanout pushed a commit to fkanout/kibana that referenced this pull request Mar 4, 2024
…ils page (elastic#175513)

Resolves elastic#174075,
elastic#155691

- Using same chart in alert details page as in rule flyout for preview
- Group by info is applied as filter on chart data
- Added annotations
- For active alerts, added point annotation with alert start time and
range annotation with range from alert start time till current time
  - For recovered alerts, added range annotation for alert duration

### Active alert
<img width="1257" alt="Screenshot 2024-01-26 at 15 05 26"
src="https://github.com/elastic/kibana/assets/69037875/d548b529-7811-4e3e-996d-aa4d259327b9">

<img width="1265" alt="Screenshot 2024-01-26 at 15 09 44"
src="https://github.com/elastic/kibana/assets/69037875/a01d0cdf-5254-484d-91b3-c45a846790a9">

### Recovered alert
<img width="1250" alt="Screenshot 2024-01-26 at 14 53 08"
src="https://github.com/elastic/kibana/assets/69037875/521a69a2-6a4a-4b9e-a886-3477c92d63ac">

---------

Co-authored-by: kibanamachine <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
apm:review backport:skip This commit does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:obs-ux-management Observability Management User Experience Team v8.13.0
Projects
None yet
10 participants