alerting icon indicating copy to clipboard operation
alerting copied to clipboard

Published 20 hours ago • verified publisher icon opensearch-project

unacknowledge an alert

Open adityaj1107 opened this issue 3 years ago • 12 comments

Issue by ylwu-amzn Saturday Apr 06, 2019 at 17:37 GMT Originally opened as https://github.com/opendistro-for-elasticsearch/alerting/issues/27

If acknowledge one alert by mistake, user can’t unacknowledge it.

adityaj1107 avatar Jun 02 '21 21:06 adityaj1107

Comment by elfisher Tuesday Apr 09, 2019 at 16:09 GMT

Hi @bellfrog thanks for the feedback. This is an interesting request. Can you help us understand what circumstances do you want the ability to deacknowledge? Thanks.

adityaj1107 avatar Jun 02 '21 21:06 adityaj1107

Comment by ylwu-amzn Wednesday Apr 10, 2019 at 17:23 GMT

Suppose we have two team members("A","B") who will process the alert alternately. If "A" acknowledges one alert by mistake, then "B" starts to process the alert, "B" will not receive alert any more, that brings extra effort for "B" to go though all of the acknowledged alerts to confirm if the alert is really completed or just suppressed by acknowledging.

Even for the case when there is only one team member to process the alert, he has to remember which alerts are acknowledged by mistake and process them later. What's more, if he/she just don't want to receive too many alerts today, can the alert just be acknowledged for a period, such as one hour or day?

adityaj1107 avatar Jun 02 '21 21:06 adityaj1107

Comment by elfisher Wednesday Apr 10, 2019 at 21:32 GMT

@bellfrog thanks for clarifying the use case. It feels like there are 2 things going on here. 1/ fixing an accidental acknowledgement and 2/ reducing the frequency at which the alert comes. We also have a request for adding throttling functionality to notifications to help reduce noise here https://github.com/opendistro-for-elasticsearch/alerting/issues/14.

adityaj1107 avatar Jun 02 '21 21:06 adityaj1107

Comment by elfisher Thursday Apr 11, 2019 at 23:54 GMT

@bellfrog are you thinking of adding an additional route like below or something else?

POST _opendistro/_alerting/monitors/<monitor-id>/_unacknowledge/alerts
{
  "alerts": ["id"]
}

adityaj1107 avatar Jun 02 '21 21:06 adityaj1107

Comment by ylwu-amzn Friday Apr 12, 2019 at 19:28 GMT

@elfisher yes, that's what I want

adityaj1107 avatar Jun 02 '21 21:06 adityaj1107

Comment by elfisher Friday Apr 12, 2019 at 19:45 GMT

I think it's a good idea. @stevensideyliu from a UI perspective, what are your thoughts?

adityaj1107 avatar Jun 02 '21 21:06 adityaj1107

Comment by mihirsoni Monday Apr 15, 2019 at 18:27 GMT

@elfisher I think if we do implement unacknowledged API, then we should have mechanism to have audit trails of acknowledge / unacknowledged.

adityaj1107 avatar Jun 02 '21 21:06 adityaj1107

Comment by piellick Wednesday Sep 04, 2019 at 11:22 GMT

Very interesting @ylwu-amzn have you find a workaround ? Erase the trigger and recreate it ?

adityaj1107 avatar Jun 02 '21 21:06 adityaj1107

Comment by ylwu-amzn Thursday Sep 17, 2020 at 18:30 GMT

Very interesting @ylwu-amzn have you find a workaround ? Erase the trigger and recreate it ?

I think disable and re-enable the monitor may re-trigger alerts.

adityaj1107 avatar Jun 02 '21 21:06 adityaj1107

any progress here? maybe that's a task for me

ghost avatar Feb 17 '24 17:02 ghost

any progress here? maybe that's a task for me

I'm not sure if anyone working on this. Any alerting plugin maintainer can share the progress ?

ylwu-amzn avatar Feb 19 '24 05:02 ylwu-amzn

Hello there!

@ylwu-amzn great idea! I had the same question.

However, the problem does not seem to be resolved or in the process of being resolved, does it?

vincent2mots avatar May 30 '24 08:05 vincent2mots