[Alerting] Event Correlation Rules for o11y #197148

Erikg346 · 2024-10-21T22:39:43Z

Describe the feature:

Add Event Correlation Rules to Observability or make it available to all.

Describe a specific use case for the feature:
Observability needs a way to also correlate events across data sources. It's not just for Security:
For example,
Set up a condition for log.level: error in the logs-* index.
Set up another condition for system.filesystem.used.pct >= 80% in the metrics-* index.

elasticmachine · 2024-10-28T09:07:53Z

Pinging @elastic/response-ops (Team:ResponseOps)

cnasikas · 2024-10-30T07:26:52Z

cc @elastic/obs-ux-management-team @jasonrhodes

botelastic bot added the needs-team Issues missing a team label label Oct 21, 2024

mbondyra added the Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) label Oct 28, 2024

botelastic bot removed the needs-team Issues missing a team label label Oct 28, 2024

cnasikas added Team:obs-ux-management Observability Management User Experience Team and removed Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) labels Oct 30, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Alerting] Event Correlation Rules for o11y #197148

[Alerting] Event Correlation Rules for o11y #197148

Erikg346 commented Oct 21, 2024

elasticmachine commented Oct 28, 2024

cnasikas commented Oct 30, 2024

[Alerting] Event Correlation Rules for o11y #197148

[Alerting] Event Correlation Rules for o11y #197148

Comments

Erikg346 commented Oct 21, 2024

elasticmachine commented Oct 28, 2024

cnasikas commented Oct 30, 2024