How to not show closed alerts in the "Alerts"-Overview?

Hello everyone,

Is there a way to suppress "closed" alerts in Kibana's "Alerts" view when the status of all alerts has changed from open to closed?

The general filter exists, but is ineffective when no alerts with the status "open" exist:


It is possible to set a filter like this:


But this filter is not persistent. Does anyone know a way to filter the closed alerts in a persistent way? Otherwise it is confusing whether Kibana is currently showing new open alerts or closed ones...

Best Regards

Further note: I use version 8.8.1

Can confirm that this also happens on 8.8.0, and it is a changed behaviour from 8.7.x as far as we can see.

It is quite annoying behaviour: when I have closed all open alerts, I would not expect the page to update to show all the closed alerts, but rather would expect an empty page.

We have several ongoing cases with Elastic support on changed behavior in the Security application, so I am going to add this "feature" as well to one of these cases.

Thanks, that will help.

Generally the fix would be to show nothing, if there are no alerts with the status "open".

Exactly, that is the behaviour I would expect as well. There seem to be more and more people who encounter this new behaviour; there is at least one more case in the discussion board. I have yet to receive any useful feedback on this from Elastic support, unfortunately.