Grouping (aggregation) does not work when using visual graph

kklemen · July 10, 2019, 2:27pm

When creating an alert in kibana with “define using visual graph” the field “OVER ALL DOCUMENTS” should support aggregation but it currently does not. It always shows “over all documents” regardless of what settings are configured in other fields.

screenshot: https://i.imgur.com/4Iwf2zy.png

This is a very basic and highly used feature in other alerting tools (x-pack or elastalert) which allows use cases such as grouping on beat.name so one alert can cover multiple hosts. Right now separating alerts by host can only be implemented with “define using extraction query” (removes simplicity) or by implementing one alert for each host (creates a mess).

Using elasticsearch 7.1.1 with kibana 7.1.1 on linux
kibana-alerting 1.1.0.0 and kibana-alerting-elasticsearch 1.1.0.0 built from github then installed into elasticsearch as a plugin.

Also reported on github: grouping in kibana does not work · Issue #68 · opendistro-for-elasticsearch/alerting-kibana-plugin · GitHub

dbbaughe · July 10, 2019, 5:04pm

Hi @kklemen,

We only support “OVER ALL DOCUMENTS” as of right now for that OVER field. We originally were looking into adding aggregation support, but were not completely happy with the current solutions and wanted to look into that feature more.

Thanks for the request, feel free to track the issue on GitHub.

Thanks,
Drew

Topic		Replies	Views
Alerting monitor : There is no data for the current selections Alerting	2	1082	March 18, 2020
No data for any monitor query Alerting	1	1698	November 12, 2019
Define monitor using visual graph went wrong Alerting	4	1089	August 31, 2020
No Data Shows In Monitor Alerting	4	714	March 9, 2020
Alerting not work Alerting	9	1802	October 17, 2020

Grouping (aggregation) does not work when using visual graph

Related Topics