I saw this touched on indirectly in another topic, but wanted to get a more focused discussion on this, as I was surprised by the design behind alert management, specifically as it pertains to a multi-tenancy model.
I started working with visualizations/dashboards initially and loved how those artifacts could be saved in separate indices associated with the tenant you were using. This made defining role-based access to those artifacts via the security plugin really clean and easy to use.
The natural progression for me was to then create alerts based on events/scenarios similar to those I was visualizing. Intuitively, I expected a similar design for monitors, alerts, and actions, where they would be stored in tenant-specific indices, but they instead appear to be managed at a cluster level.
I’m curious why there seems to be this disconnect in design between visualizations/dashboards and alerting. For those developing, is there any plan to move alerting in a more multi-tenancy-friendly direction? I imagine this would be a very desirable functionality, but I’d love to hear others’ thoughts as well.