From 46eb8b570b914273beb4fa2a0588bc9c2637910d Mon Sep 17 00:00:00 2001 From: Colleen McGinnis Date: Wed, 18 Oct 2023 15:27:42 -0500 Subject: [PATCH 1/4] clarify description of index setting in topic about defining SLIs --- docs/en/observability/slo-create.asciidoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/en/observability/slo-create.asciidoc b/docs/en/observability/slo-create.asciidoc index f41717a2c8..368b1ad109 100644 --- a/docs/en/observability/slo-create.asciidoc +++ b/docs/en/observability/slo-create.asciidoc @@ -35,13 +35,13 @@ The type of SLI to use depends on the location of your data: [[custom-kql-sli]] == Custom KQL -Create an indicator based on any of your {es} indices or index patterns. You define two queries: one that yields the good events from your index, and one that yields the total events from your index. +Create an indicator based on any of your {es} indices or data views. You define two queries: one that yields the good events from your index, and one that yields the total events from your index. *Example:* You can define a custom KQL indicator based on the `service-logs` with the *good query* defined as `nested.field.response.latency <= 100 and nested.field.env : “production”` and the *total query* defined as `nested.field.env : “production”`. When defining a custom KQL SLI, set the following fields: -* *Index* — The index or index pattern you want to base the SLI on. For example, `service-logs`. +* *Index* — The data view or index patter you want to base the SLI on. For example, `service-logs`. * *Timestamp field* — The timestamp field used by the index. * *Query filter* — A KQL filter to specify relevant criteria by which to filter the index documents. * *Good query* — The query yielding events that are considered good or successful. For example, `nested.field.response.latency <= 100 and nested.field.env : “production”` @@ -59,7 +59,7 @@ Create an indicator to define custom equations from metric fields in your indice When defining a custom metric SLI, set the following fields: * *Source* -** *Index* — The index or index pattern you want to base the SLI on. For example, `my-service-*`. +** *Index* — The data view or index pattern you want to base the SLI on. For example, `my-service-*`. ** *Timestamp field* — The timestamp field used by the index. ** *Query filter* — A KQL filter to specify relevant criteria by which to filter the index documents. For example, `'field.environment : "production" and service.name : "my-service"'`. * *Good events* @@ -85,7 +85,7 @@ When using a `range` aggregation, both the `from` and `to` thresholds are requir When defining a histogram metric SLI, set the following fields: * *Source* -** *Index* — The index or index pattern you want to base the SLI on. For example, `my-service-*`. +** *Index* — The data view or index pattern you want to base the SLI on. For example, `my-service-*`. ** *Timestamp field* — The timestamp field used by the index. ** *Query filter* — A KQL filter to specify relevant criteria by which to filter the index documents. For example, `field.environment : "production" and service.name : "my-service"`. * *Good events* From ae2af255a956c7faaeec23606c0809fa86cb1b95 Mon Sep 17 00:00:00 2001 From: Colleen McGinnis Date: Wed, 18 Oct 2023 15:29:33 -0500 Subject: [PATCH 2/4] clarify description of the partition by field for SLOs --- docs/en/observability/slo-create.asciidoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/en/observability/slo-create.asciidoc b/docs/en/observability/slo-create.asciidoc index 368b1ad109..c8b4d09cb5 100644 --- a/docs/en/observability/slo-create.asciidoc +++ b/docs/en/observability/slo-create.asciidoc @@ -46,7 +46,7 @@ When defining a custom KQL SLI, set the following fields: * *Query filter* — A KQL filter to specify relevant criteria by which to filter the index documents. * *Good query* — The query yielding events that are considered good or successful. For example, `nested.field.response.latency <= 100 and nested.field.env : “production”` * *Total query* — The query yielding all events to take into account for computing the SLI. For example, `nested.field.env : “production”`. -* *Partition by* — Create an SLO for each value of the field you enter. +* *Partition by* — The field used to partition the data based on the values of the specific field. For example, you could partition by the `url.domain` field, which would create individual SLOs for each value of the selected field. [discrete] [[custom-metric-sli]] @@ -70,7 +70,7 @@ When defining a custom metric SLI, set the following fields: ** *Metric [A-Z]* — The field that is aggregated using the `sum` aggregation for total events. For example, `processor.processed` ** *Filter [A-Z]* — The filter to apply to the metric for total events. For example, `"processor.outcome: *"` ** *Equation* — The equation that calculates the total metric. For example, `A`. -* *Partition by* — Create an SLO for each value of the field you enter. +* *Partition by* — The field used to partition the data based on the values of the specific field. For example, you could partition by the `url.domain` field, which would create individual SLOs for each value of the selected field. [discrete] [[histogram-metric-sli]] @@ -100,7 +100,7 @@ When defining a histogram metric SLI, set the following fields: ** *From* — (`range` aggregation only) The starting value of the range for total events. For example, `0`. ** *To* — (`range` aggregation only) The ending value of the range for total events. For example, `100`. ** *KQL filter* — The filter for total events. For example, `"processor.outcome : *"`. -* *Partition by* — Create an SLO for each value of the field you enter. +* *Partition by* — The field used to partition the data based on the values of the specific field. For example, you could partition by the `url.domain` field, which would create individual SLOs for each value of the selected field. [discrete] [[apm-latency-and-availability-sli]] From c980e16d731df17bd416779959dbf5a2960e0f8a Mon Sep 17 00:00:00 2001 From: Colleen McGinnis Date: Wed, 18 Oct 2023 15:42:36 -0500 Subject: [PATCH 3/4] add more info on connectors --- .../create-observability-connectors.asciidoc | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/docs/en/observability/create-observability-connectors.asciidoc b/docs/en/observability/create-observability-connectors.asciidoc index 604126f583..6ae28e6a41 100644 --- a/docs/en/observability/create-observability-connectors.asciidoc +++ b/docs/en/observability/create-observability-connectors.asciidoc @@ -1,7 +1,8 @@ [[cases-external-connectors]] = Configure external connectors -You can send cases to these third-party systems: +If you are using an external incident management system, you can integrate Elastic Observability +cases with that system using _connectors_. These third-party systems are supported: * {sn-itsm} * {sn-sir} @@ -64,7 +65,13 @@ To update an existing connector: [discrete] [[close-connector-observability]] -== Close sent cases automatically +== Sending and closing cases + +To send a case to an external system, click the **Push as incident** button from the individual case page. +This information is not sent automatically. If you make further changes to the shared case fields, you should push the case again. + +If you close cases in your external incident management system, the cases will remain open in Elastic Observability until you close them +manually. To close cases when they are sent to an external system, select -*Automatically close cases when pushing new incident to external system*. \ No newline at end of file +*Automatically close cases when pushing new incident to external system* when adding a connector to a case. \ No newline at end of file From d5d7dbd459930793c3f2a6ec3f7deafbfa363ef3 Mon Sep 17 00:00:00 2001 From: Colleen McGinnis Date: Wed, 18 Oct 2023 15:53:52 -0500 Subject: [PATCH 4/4] thank you, mike Co-authored-by: Mike Birnstiehl <114418652+mdbirnstiehl@users.noreply.github.com> --- docs/en/observability/slo-create.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/observability/slo-create.asciidoc b/docs/en/observability/slo-create.asciidoc index c8b4d09cb5..bb5b650d3b 100644 --- a/docs/en/observability/slo-create.asciidoc +++ b/docs/en/observability/slo-create.asciidoc @@ -41,7 +41,7 @@ Create an indicator based on any of your {es} indices or data views. You define When defining a custom KQL SLI, set the following fields: -* *Index* — The data view or index patter you want to base the SLI on. For example, `service-logs`. +* *Index* — The data view or index pattern you want to base the SLI on. For example, `service-logs`. * *Timestamp field* — The timestamp field used by the index. * *Query filter* — A KQL filter to specify relevant criteria by which to filter the index documents. * *Good query* — The query yielding events that are considered good or successful. For example, `nested.field.response.latency <= 100 and nested.field.env : “production”`