Strange behavior of "no data" alerts

EDzhelyov · November 9, 2022, 10:32am

We have an alert that checks if there is a controllermanager.master, it's configured to use the document count function, see the screenshot below.

It started to report "no data" and triggered the alert after we created it, and this was resolved when we added the kubernetes.controllermanager.leader.is_master in the filter conditions. Then I removed the additional condition in order to recreate the problem and it's gone. The alert doesn't report "no data" anymore and it's configured exactly as in the beginning.

This is not the first time we had an alert that reports "no data" to be fixed by just editing the filters and then restoring to the original configuration. We run on Elastic 8.4.

Have you spotted a similar problem?
Is there a way in Kibana or in the logs that we can debug such issues and obtain more information for the alert queries?

coenwarmer · November 10, 2022, 11:47am

Hey there @EDzhelyov, thanks for reaching out.

This is a known issue that we have identified and fixed with this PR: [Actionable Observability] Verify missing groups for Metric Threshold rule before scheduling no-data actions by simianhacker · Pull Request #144205 · elastic/kibana · GitHub.

This change is set to be released in our next version, 8.6.0. 8.6.0 is scheduled to be released on December 13th.

Hope this helps!

Coen

Topic		Replies	Views
How to disable alerts on no data in Metric Threshold rule Elastic Observability elastic-stack-alerting	4	484	October 4, 2022
Kibana Index Threshold Alert doesn't report 0 document Kibana elastic-stack-alerting	7	197	June 12, 2024
How to remove no-data alert for removed host? Elastic Observability elastic-stack-alerting	4	151	May 17, 2024
No alert on missing data - Kibana Kibana elastic-stack-alerting	3	863	July 6, 2022
No data Alert Kibana	19	1550	August 25, 2023

Strange behavior of "no data" alerts

Related topics