[Dataset quality] degradedDocs rule#216026
Merged
yngrdyn merged 81 commits intoelastic:mainfrom Jun 23, 2025
Merged
Conversation
…nts' of github.com:yngrdyn/kibana into 179173-dataset-quality-create-rules-for-degraded-documents
yngrdyn
force-pushed
the
179173-dataset-quality-create-rules-for-degraded-documents
branch
from
2e04aa7 to
bcc8933
Compare
…y-create-rules-for-degraded-documents
yngrdyn
force-pushed
the
179173-dataset-quality-create-rules-for-degraded-documents
branch
from
eb8cdbe to
f4ee7fb
Compare
yngrdyn
force-pushed
the
179173-dataset-quality-create-rules-for-degraded-documents
branch
from
f4ee7fb to
cc07f07
Compare
…nts' of github.com:yngrdyn/kibana into 179173-dataset-quality-create-rules-for-degraded-documents
yngrdyn
force-pushed
the
179173-dataset-quality-create-rules-for-degraded-documents
branch
2 times, most recently
from
45750ac to
d74ec14
Compare
yngrdyn
force-pushed
the
179173-dataset-quality-create-rules-for-degraded-documents
branch
from
d74ec14 to
4fd4612
Compare
…nts' of github.com:yngrdyn/kibana into 179173-dataset-quality-create-rules-for-degraded-documents
Contributor
Author
@flash1293 yes, it works for remote clusters Screen.Recording.2025-06-19.at.09.57.57.mov |
…nts' of github.com:yngrdyn/kibana into 179173-dataset-quality-create-rules-for-degraded-documents
denar50
approved these changes
Jun 19, 2025
Contributor
denar50
left a comment
denar50
left a comment
There was a problem hiding this comment.
Changes related to @elastic/security-detection-engine LGTM. Code review only.
…nts' of github.com:yngrdyn/kibana into 179173-dataset-quality-create-rules-for-degraded-documents
Contributor
Author
…y-create-rules-for-degraded-documents
flash1293
approved these changes
Jun 23, 2025
Contributor
flash1293
left a comment
flash1293
left a comment
There was a problem hiding this comment.
Works as expected, approving because I think it's good for merge but there are some improvements we coud/should make.
Somehow the red highlighted area does not include the very last bucket:
Not sure whether we can control that, but in the "Document summary" of the alert, it doesn't show the grouping fields which are obviously very important:
Should we add that to the summary table? cc @LucaWintergerst
The "Reason" does list the grouping fields, but it doesn't give the field names
Contributor
|
Starting backport for target branches: 8.19 https://github.com/elastic/kibana/actions/runs/15820549948 |
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
Page load bundle
Unknown metric groupsAPI count
async chunk count
ESLint disabled line counts
miscellaneous assets size
References to deprecated APIs
Total ESLint disabled count
History
|
Contributor
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
yngrdyn
added a commit
to yngrdyn/kibana
that referenced
this pull request
Jun 23, 2025
Closes elastic#179173. ## Rule type A dedicated stack rule type was created `datasetQuality.degradedDocs`. <img width="1759" alt="image" src="https://github.com/user-attachments/assets/5004a08d-6f12-4f5e-b27f-5f4db242dcf0" /> <img width="2318" alt="image" src="https://github.com/user-attachments/assets/f8b2664a-f1c6-48c5-a617-c6f1b79bf0f7" /> This new rule is aggregated by default using `_index` and could be further configured by the user (e.g. user can also aggregate by `cloud.provider`). A new rule type was needed to be created since there is no actual way to aggregate all documents in a dataStream if we use a DataView like `logs-*-*`. Inside datasStream documents there is no indication about the dataStream where they belong to, instead we just have `_index` which contains backingIndexName instead of actual index. It's important to note, that this rule type is also visible from `Observability > Alerts`, which is useful specially for serverless. https://github.com/user-attachments/assets/000aee51-4895-4f4c-9484-924ace4325c5 ## Role Based Access-Control (RBAC) RBAC for dataset quality alerts is defined within dataQuality kibana feature. We have three privileges defined: 1. `all`: This privilege now contains a subFeature `manage_rules` that will allow for more granularity on alerting level. It's by default assigned to `all` but can be disabled. 2. `read`: This privilege is only related to serverless (when we don't have yet custom roles). https://github.com/user-attachments/assets/70ed5bde-bf45-4024-b448-228799fcaf71 3. `none`: This privilege is only relevant for stateful (in serverless we don't have custom roles). ## 🎥 Demo ### Serverless #### `all` privileges https://github.com/user-attachments/assets/8dad6e30-a261-4a69-979f-6dfc2a41c888 #### `read` privileges https://github.com/user-attachments/assets/e1cb108d-22a0-4e7f-b252-9cc12d1e9d65 ### Stateful #### `all` privileges https://github.com/user-attachments/assets/d96f3b70-35b2-466b-aa59-a07190d24d93 #### `all` privileges with subFeature disabled https://github.com/user-attachments/assets/808ab811-9320-43e4-b2a6-06d530a78b82 #### `none` privileges (Stateful) https://github.com/user-attachments/assets/18f2a2d6-d825-4713-acea-0d72f451e9ab ## How to test? 1. run synthrace scenario `degraded_logs` in live mode ``` node scripts/synthtrace degraded_logs --live ``` 2. Open dataset quality page (/app/management/data/data_quality) 3. Select `synth.3` dataset (/app/management/data/data_quality/details?pageState=(dataStream:logs-synth.3-default) 4. Click on `Actions` and then select `Create rule` 5. Fill out the alert form 6. Go to `Observability > Alerts` or `Stack management > Alerts` (/app/observability/alerts) ## Release note Adds the Create alert rule action to dataset quality page and dataset quality details. This allows you to generate an alert when the percentage of degraded docs on the chart crosses a certain threshold. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co> Co-authored-by: Faisal Kanout <faisal.kanout@elastic.co> (cherry picked from commit 64df229) # Conflicts: # x-pack/platform/plugins/shared/dataset_quality/kibana.jsonc # x-pack/platform/plugins/shared/dataset_quality/public/components/dataset_quality/header.tsx # x-pack/platform/plugins/shared/dataset_quality/public/components/dataset_quality_details/header.tsx # x-pack/platform/plugins/shared/dataset_quality/tsconfig.json # x-pack/test/functional/apps/dataset_quality/dataset_quality_details.ts
yngrdyn
added a commit
that referenced
this pull request
Jun 24, 2025
# Backport This will backport the following commits from `main` to `8.19`: - [[Dataset quality] degradedDocs rule (#216026)](#216026) <!--- Backport version: 10.0.0 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Yngrid Coello","email":"yngrid.coello@elastic.co"},"sourceCommit":{"committedDate":"2025-06-23T09:30:14Z","message":"[Dataset quality] degradedDocs rule (#216026)\n\nCloses https://github.com/elastic/kibana/issues/179173.\n\n## Rule type\nA dedicated stack rule type was created `datasetQuality.degradedDocs`.\n<img width=\"1759\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/5004a08d-6f12-4f5e-b27f-5f4db242dcf0\"\n/>\n<img width=\"2318\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/f8b2664a-f1c6-48c5-a617-c6f1b79bf0f7\"\n/>\n\n\nThis new rule is aggregated by default using `_index` and could be\nfurther configured by the user (e.g. user can also aggregate by\n`cloud.provider`).\n\nA new rule type was needed to be created since there is no actual way to\naggregate all documents in a dataStream if we use a DataView like\n`logs-*-*`. Inside datasStream documents there is no indication about\nthe dataStream where they belong to, instead we just have `_index` which\ncontains backingIndexName instead of actual index.\n\nIt's important to note, that this rule type is also visible from\n`Observability > Alerts`, which is useful specially for serverless.\n\n\nhttps://github.com/user-attachments/assets/000aee51-4895-4f4c-9484-924ace4325c5\n\n\n## Role Based Access-Control (RBAC)\nRBAC for dataset quality alerts is defined within dataQuality kibana\nfeature.\nWe have three privileges defined:\n1. `all`: This privilege now contains a subFeature `manage_rules` that\nwill allow for more granularity on alerting level. It's by default\nassigned to `all` but can be disabled.\n2. `read`: This privilege is only related to serverless (when we don't\nhave yet custom roles).\n\nhttps://github.com/user-attachments/assets/70ed5bde-bf45-4024-b448-228799fcaf71\n3. `none`: This privilege is only relevant for stateful (in serverless\nwe don't have custom roles).\n\n## 🎥 Demo\n### Serverless\n#### `all` privileges\n\nhttps://github.com/user-attachments/assets/8dad6e30-a261-4a69-979f-6dfc2a41c888\n\n#### `read` privileges\n\nhttps://github.com/user-attachments/assets/e1cb108d-22a0-4e7f-b252-9cc12d1e9d65\n\n### Stateful\n#### `all` privileges\n\nhttps://github.com/user-attachments/assets/d96f3b70-35b2-466b-aa59-a07190d24d93\n\n#### `all` privileges with subFeature disabled\n\nhttps://github.com/user-attachments/assets/808ab811-9320-43e4-b2a6-06d530a78b82\n\n#### `none` privileges (Stateful)\n\nhttps://github.com/user-attachments/assets/18f2a2d6-d825-4713-acea-0d72f451e9ab\n\n## How to test?\n1. run synthrace scenario `degraded_logs` in live mode\n```\nnode scripts/synthtrace degraded_logs --live\n```\n2. Open dataset quality page (/app/management/data/data_quality)\n3. Select `synth.3` dataset\n(/app/management/data/data_quality/details?pageState=(dataStream:logs-synth.3-default)\n4. Click on `Actions` and then select `Create rule`\n5. Fill out the alert form\n6. Go to `Observability > Alerts` or `Stack management > Alerts`\n(/app/observability/alerts)\n\n## Release note\nAdds the Create alert rule action to dataset quality page and dataset\nquality details. This allows you to generate an alert when the\npercentage of degraded docs on the chart crosses a certain threshold.\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>\nCo-authored-by: Faisal Kanout <faisal.kanout@elastic.co>","sha":"64df229998b0db7e5d381c847e60c0d39e6c3120","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["backport","release_note:feature","Team:obs-ux-management","backport:version","v9.1.0","v8.19.0"],"title":"[Dataset quality] degradedDocs rule","number":216026,"url":"https://github.com/elastic/kibana/pull/216026","mergeCommit":{"message":"[Dataset quality] degradedDocs rule (#216026)\n\nCloses https://github.com/elastic/kibana/issues/179173.\n\n## Rule type\nA dedicated stack rule type was created `datasetQuality.degradedDocs`.\n<img width=\"1759\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/5004a08d-6f12-4f5e-b27f-5f4db242dcf0\"\n/>\n<img width=\"2318\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/f8b2664a-f1c6-48c5-a617-c6f1b79bf0f7\"\n/>\n\n\nThis new rule is aggregated by default using `_index` and could be\nfurther configured by the user (e.g. user can also aggregate by\n`cloud.provider`).\n\nA new rule type was needed to be created since there is no actual way to\naggregate all documents in a dataStream if we use a DataView like\n`logs-*-*`. Inside datasStream documents there is no indication about\nthe dataStream where they belong to, instead we just have `_index` which\ncontains backingIndexName instead of actual index.\n\nIt's important to note, that this rule type is also visible from\n`Observability > Alerts`, which is useful specially for serverless.\n\n\nhttps://github.com/user-attachments/assets/000aee51-4895-4f4c-9484-924ace4325c5\n\n\n## Role Based Access-Control (RBAC)\nRBAC for dataset quality alerts is defined within dataQuality kibana\nfeature.\nWe have three privileges defined:\n1. `all`: This privilege now contains a subFeature `manage_rules` that\nwill allow for more granularity on alerting level. It's by default\nassigned to `all` but can be disabled.\n2. `read`: This privilege is only related to serverless (when we don't\nhave yet custom roles).\n\nhttps://github.com/user-attachments/assets/70ed5bde-bf45-4024-b448-228799fcaf71\n3. `none`: This privilege is only relevant for stateful (in serverless\nwe don't have custom roles).\n\n## 🎥 Demo\n### Serverless\n#### `all` privileges\n\nhttps://github.com/user-attachments/assets/8dad6e30-a261-4a69-979f-6dfc2a41c888\n\n#### `read` privileges\n\nhttps://github.com/user-attachments/assets/e1cb108d-22a0-4e7f-b252-9cc12d1e9d65\n\n### Stateful\n#### `all` privileges\n\nhttps://github.com/user-attachments/assets/d96f3b70-35b2-466b-aa59-a07190d24d93\n\n#### `all` privileges with subFeature disabled\n\nhttps://github.com/user-attachments/assets/808ab811-9320-43e4-b2a6-06d530a78b82\n\n#### `none` privileges (Stateful)\n\nhttps://github.com/user-attachments/assets/18f2a2d6-d825-4713-acea-0d72f451e9ab\n\n## How to test?\n1. run synthrace scenario `degraded_logs` in live mode\n```\nnode scripts/synthtrace degraded_logs --live\n```\n2. Open dataset quality page (/app/management/data/data_quality)\n3. Select `synth.3` dataset\n(/app/management/data/data_quality/details?pageState=(dataStream:logs-synth.3-default)\n4. Click on `Actions` and then select `Create rule`\n5. Fill out the alert form\n6. Go to `Observability > Alerts` or `Stack management > Alerts`\n(/app/observability/alerts)\n\n## Release note\nAdds the Create alert rule action to dataset quality page and dataset\nquality details. This allows you to generate an alert when the\npercentage of degraded docs on the chart crosses a certain threshold.\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>\nCo-authored-by: Faisal Kanout <faisal.kanout@elastic.co>","sha":"64df229998b0db7e5d381c847e60c0d39e6c3120"}},"sourceBranch":"main","suggestedTargetBranches":["8.19"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/216026","number":216026,"mergeCommit":{"message":"[Dataset quality] degradedDocs rule (#216026)\n\nCloses https://github.com/elastic/kibana/issues/179173.\n\n## Rule type\nA dedicated stack rule type was created `datasetQuality.degradedDocs`.\n<img width=\"1759\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/5004a08d-6f12-4f5e-b27f-5f4db242dcf0\"\n/>\n<img width=\"2318\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/f8b2664a-f1c6-48c5-a617-c6f1b79bf0f7\"\n/>\n\n\nThis new rule is aggregated by default using `_index` and could be\nfurther configured by the user (e.g. user can also aggregate by\n`cloud.provider`).\n\nA new rule type was needed to be created since there is no actual way to\naggregate all documents in a dataStream if we use a DataView like\n`logs-*-*`. Inside datasStream documents there is no indication about\nthe dataStream where they belong to, instead we just have `_index` which\ncontains backingIndexName instead of actual index.\n\nIt's important to note, that this rule type is also visible from\n`Observability > Alerts`, which is useful specially for serverless.\n\n\nhttps://github.com/user-attachments/assets/000aee51-4895-4f4c-9484-924ace4325c5\n\n\n## Role Based Access-Control (RBAC)\nRBAC for dataset quality alerts is defined within dataQuality kibana\nfeature.\nWe have three privileges defined:\n1. `all`: This privilege now contains a subFeature `manage_rules` that\nwill allow for more granularity on alerting level. It's by default\nassigned to `all` but can be disabled.\n2. `read`: This privilege is only related to serverless (when we don't\nhave yet custom roles).\n\nhttps://github.com/user-attachments/assets/70ed5bde-bf45-4024-b448-228799fcaf71\n3. `none`: This privilege is only relevant for stateful (in serverless\nwe don't have custom roles).\n\n## 🎥 Demo\n### Serverless\n#### `all` privileges\n\nhttps://github.com/user-attachments/assets/8dad6e30-a261-4a69-979f-6dfc2a41c888\n\n#### `read` privileges\n\nhttps://github.com/user-attachments/assets/e1cb108d-22a0-4e7f-b252-9cc12d1e9d65\n\n### Stateful\n#### `all` privileges\n\nhttps://github.com/user-attachments/assets/d96f3b70-35b2-466b-aa59-a07190d24d93\n\n#### `all` privileges with subFeature disabled\n\nhttps://github.com/user-attachments/assets/808ab811-9320-43e4-b2a6-06d530a78b82\n\n#### `none` privileges (Stateful)\n\nhttps://github.com/user-attachments/assets/18f2a2d6-d825-4713-acea-0d72f451e9ab\n\n## How to test?\n1. run synthrace scenario `degraded_logs` in live mode\n```\nnode scripts/synthtrace degraded_logs --live\n```\n2. Open dataset quality page (/app/management/data/data_quality)\n3. Select `synth.3` dataset\n(/app/management/data/data_quality/details?pageState=(dataStream:logs-synth.3-default)\n4. Click on `Actions` and then select `Create rule`\n5. Fill out the alert form\n6. Go to `Observability > Alerts` or `Stack management > Alerts`\n(/app/observability/alerts)\n\n## Release note\nAdds the Create alert rule action to dataset quality page and dataset\nquality details. This allows you to generate an alert when the\npercentage of degraded docs on the chart crosses a certain threshold.\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>\nCo-authored-by: Faisal Kanout <faisal.kanout@elastic.co>","sha":"64df229998b0db7e5d381c847e60c0d39e6c3120"}},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
akowalska622
pushed a commit
to akowalska622/kibana
that referenced
this pull request
Jun 25, 2025
Closes elastic#179173. ## Rule type A dedicated stack rule type was created `datasetQuality.degradedDocs`. <img width="1759" alt="image" src="https://github.com/user-attachments/assets/5004a08d-6f12-4f5e-b27f-5f4db242dcf0" /> <img width="2318" alt="image" src="https://github.com/user-attachments/assets/f8b2664a-f1c6-48c5-a617-c6f1b79bf0f7" /> This new rule is aggregated by default using `_index` and could be further configured by the user (e.g. user can also aggregate by `cloud.provider`). A new rule type was needed to be created since there is no actual way to aggregate all documents in a dataStream if we use a DataView like `logs-*-*`. Inside datasStream documents there is no indication about the dataStream where they belong to, instead we just have `_index` which contains backingIndexName instead of actual index. It's important to note, that this rule type is also visible from `Observability > Alerts`, which is useful specially for serverless. https://github.com/user-attachments/assets/000aee51-4895-4f4c-9484-924ace4325c5 ## Role Based Access-Control (RBAC) RBAC for dataset quality alerts is defined within dataQuality kibana feature. We have three privileges defined: 1. `all`: This privilege now contains a subFeature `manage_rules` that will allow for more granularity on alerting level. It's by default assigned to `all` but can be disabled. 2. `read`: This privilege is only related to serverless (when we don't have yet custom roles). https://github.com/user-attachments/assets/70ed5bde-bf45-4024-b448-228799fcaf71 3. `none`: This privilege is only relevant for stateful (in serverless we don't have custom roles). ## 🎥 Demo ### Serverless #### `all` privileges https://github.com/user-attachments/assets/8dad6e30-a261-4a69-979f-6dfc2a41c888 #### `read` privileges https://github.com/user-attachments/assets/e1cb108d-22a0-4e7f-b252-9cc12d1e9d65 ### Stateful #### `all` privileges https://github.com/user-attachments/assets/d96f3b70-35b2-466b-aa59-a07190d24d93 #### `all` privileges with subFeature disabled https://github.com/user-attachments/assets/808ab811-9320-43e4-b2a6-06d530a78b82 #### `none` privileges (Stateful) https://github.com/user-attachments/assets/18f2a2d6-d825-4713-acea-0d72f451e9ab ## How to test? 1. run synthrace scenario `degraded_logs` in live mode ``` node scripts/synthtrace degraded_logs --live ``` 2. Open dataset quality page (/app/management/data/data_quality) 3. Select `synth.3` dataset (/app/management/data/data_quality/details?pageState=(dataStream:logs-synth.3-default) 4. Click on `Actions` and then select `Create rule` 5. Fill out the alert form 6. Go to `Observability > Alerts` or `Stack management > Alerts` (/app/observability/alerts) ## Release note Adds the Create alert rule action to dataset quality page and dataset quality details. This allows you to generate an alert when the percentage of degraded docs on the chart crosses a certain threshold. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co> Co-authored-by: Faisal Kanout <faisal.kanout@elastic.co>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
17 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #179173.
Rule type
A dedicated stack rule type was created
datasetQuality.degradedDocs.This new rule is aggregated by default using
_indexand could be further configured by the user (e.g. user can also aggregate bycloud.provider).A new rule type was needed to be created since there is no actual way to aggregate all documents in a dataStream if we use a DataView like
logs-*-*. Inside datasStream documents there is no indication about the dataStream where they belong to, instead we just have_indexwhich contains backingIndexName instead of actual index.It's important to note, that this rule type is also visible from
Observability > Alerts, which is useful specially for serverless.Screen.Recording.2025-04-09.at.16.44.56.mov
Role Based Access-Control (RBAC)
RBAC for dataset quality alerts is defined within dataQuality kibana feature.
We have three privileges defined:
all: This privilege now contains a subFeaturemanage_rulesthat will allow for more granularity on alerting level. It's by default assigned toallbut can be disabled.read: This privilege is only related to serverless (when we don't have yet custom roles).https://github.com/user-attachments/assets/70ed5bde-bf45-4024-b448-228799fcaf71
none: This privilege is only relevant for stateful (in serverless we don't have custom roles).🎥 Demo
Serverless
allprivilegesScreen.Recording.2025-04-09.at.14.30.38.mov
readprivilegesScreen.Recording.2025-04-09.at.14.28.31.mov
Stateful
allprivilegesScreen.Recording.2025-04-09.at.15.01.24.mov
allprivileges with subFeature disabledScreen.Recording.2025-04-09.at.13.03.31.mov
noneprivileges (Stateful)Screen.Recording.2025-04-09.at.14.45.26.mov
How to test?
degraded_logsin live modesynth.3dataset (/app/management/data/data_quality/details?pageState=(dataStream:logs-synth.3-default)Actionsand then selectCreate ruleObservability > AlertsorStack management > Alerts(/app/observability/alerts)Release note
Adds the Create alert rule action to dataset quality page and dataset quality details. This allows you to generate an alert when the percentage of degraded docs on the chart crosses a certain threshold.