This post asked about being able to use {{context.group}} in Recovered messages. Since then, the relevant pull request has been merged, seemingly for 8.2.0. However, this still doesn't seem to work in 8.2.0. Is it actually now possible, or is there still implementation missing?
Hi Ethan,
The PR you linked to add the platform facility that enables rules to include recovery context where applicable. That said, the context is different for each rule, and additional work is necessary for each rule type to take advantage of this facility.
The good news is that the teams have been hard at work to take advantage of this facility across as many rule types as possible, and many have merged the PR necessary.
I'm guessing you're interested in the Observability rule types, as you mention context.group which is specific to the Logs Threshold. As you can see in this PR this work has now been merged, so unless some issue is identified prior to release, we expect this to land in 8.3.0 (but I can't make that commitment until the minor is released).
You can keep track of the work across all rule types on this meta issue: [Meta][Response Ops] Context on recovered alerts for each rule type · Issue #126617 · elastic/kibana · GitHub
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.