Kibana Alerts - Action on Recovered contains no context.group

Hi,

We recently upgraded from Elastic 7.10.0 to 7.12.0. Mainly because I saw the new Alerting/Action functionality to only send an Alert on a Status Change (instead of on an interval). This is a very nice feature, however, I've noticed that the Recovered Alert does not contain the context.group information.

So whenever I get a Slack alert that tells me about the specific grouping variables (in our case, kubernetes.cluster.name, pod name, container name), I can see this information when the state changes to Alert, but not when the state changes to OK.

I have configured the following Slack Actions within the same Alert:

Run when: Alert
Message: A container will not start up. Cluster, Namespace, Pod, Container, Status:
{{context.group}}
Run when: Recovered
Message: A container Recovered. Cluster, Namespace, Pod, Container, Status:
{{context.group}}

This results in the following Slack messages:

A container will not start up. Cluster, Namespace, Pod, Container, Status:
testcluster, testnamespace, testservice-855bcd9849-rlvmt, testservice, CrashLoopBackOff
A container Recovered. Cluster, Namespace, Pod, Container, Status:

Am I doing something wrong? Is there another way to include the same information in the Recovered Alert?

Thanks in advance!

Jasper

Hi @JMisset88 Welcome to the community!

No, it's not you. At this time that data is not available.

You can use the to help with the alignment / correlation at this time.

"alertId" : "{{alertId}}",
"alertInstanceId" : "{{alertInstanceId}}",

I will open an issue; when I do, I will notify you. Perhaps you can add your use case ++ to it.

Update: there is an Issue Here. It is a bit low level but I will add this / you discuss context / use case in there for reference.
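One way to do the correlation suggested above on the receiving side, as an added example that is not part of the original posts or of Kibana itself: a small receiver caches the group text from the Alert message under (alertId, alertInstanceId) and reuses it when the Recovered message arrives with an empty group. It assumes the actions send a JSON body to a receiver of your own; the `state` and `group` field names and all sample ids are constructed for illustration.

```python
import json

class GroupCorrelator:
    """Caches context.group per alert instance to enrich Recovered messages."""

    def __init__(self):
        self._groups = {}  # (alertId, alertInstanceId) -> group text from the last Alert

    def handle(self, raw_body):
        msg = json.loads(raw_body)
        key = (msg["alertId"], msg["alertInstanceId"])
        group = (msg.get("group") or "").strip()
        state = msg.get("state")  # assumption: a literal typed into each action body
        if state == "alert":
            if group:
                self._groups[key] = group
            return f"A container will not start up. {group}"
        if state == "recovered":
            cached = self._groups.pop(key, None)  # instance is finished, free the entry
            known = group or cached               # group is empty on Recovered
            if known is None:
                # e.g. the receiver restarted between Alert and Recovered
                return f"A container Recovered. (group unknown, alertInstanceId={key[1]})"
            return f"A container Recovered. {known}"
        raise ValueError(f"unexpected state: {state!r}")

# Constructed sample bodies, shaped like an action body that contains
# "alertId": "{{alertId}}", "alertInstanceId": "{{alertInstanceId}}",
# "group": "{{context.group}}" after Kibana has rendered the variables.
GROUP = "testcluster, testnamespace, testservice-855bcd9849-rlvmt, testservice, CrashLoopBackOff"
SAMPLE = [
    {"state": "alert", "alertId": "example-rule-id",
     "alertInstanceId": "example-instance-1", "group": GROUP},
    {"state": "recovered", "alertId": "example-rule-id",
     "alertInstanceId": "example-instance-1", "group": ""},
    {"state": "recovered", "alertId": "example-rule-id",
     "alertInstanceId": "example-instance-2", "group": ""},  # no Alert seen
]

def demo():
    correlator = GroupCorrelator()
    return [correlator.handle(json.dumps(m)) for m in SAMPLE]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The cache lives in memory only, so a Recovered message whose Alert was never seen falls back to printing the alertInstanceId.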

Hi Stephen,

Thanks for your reply. I will check out the alertId's for correlation and keep an eye on the issue.
