[Internal]: New context.grouping variable in Observability rules

[benakansara]

Description

What:
We have added context.grouping variable in Observability rules to streamline the method of saving group information in alert's context. This variable allows users to use group information in action message as an object. For example, if rule is configured with group by fields host.name and container.id, these can be accessed in action message as follows:

{
  "host.name": "{{context.grouping.host.name}}",
  "container.id": "{{context.grouping.container.id}}",
  "all_groups": "{{context.grouping}}"
}

The context.grouping variable is available for the following rules in 9.1/Serverless:

• Custom threshold rule
• SLO burn rate rule
• Elasticsearch query rule
• APM Latency threshold rule
• APM Failed transaction rate rule
• APM Error count rule

A similar variable called context.groupByKeys exists in the following rules (and therefore new context.grouping variable is not added):
The context.grouping variable is available for the following rules in 9.2/Serverless:

• Metric threshold rule
• Log threshold rule
• Inventory

The documentation for existing context variables can be found under "Action variables" section of each rule. For example: https://www.elastic.co/docs/solutions/observability/incident-management/create-custom-threshold-rule#observability-create-custom-threshold-alert-rule-add-actions

When:
8.19/9.1, already in Serverless

Why:
We had different ways of exposing group information as context variable in different Observability rules. More information can be found in elastic/kibana#180709. We needed a consistent way users can rely on when using group information in action message.

Resources

Related issue: elastic/kibana#180709

Which documentation set does this change impact?

Elastic On-Prem and Cloud (all)

Feature differences

The feature is identical in all deployment methods.

What release is this request related to?

N/A

Serverless release

Already in Serverless

Collaboration model

The documentation team

Point of contact.

Main contact: @benakansara

Stakeholders: @jasonrhodes

[nastasha-solomon]

@cesco-f to add to this doc issue once elastic/kibana#229054 is done. One thing to note, 229054 is going into 9.2 and and upcoming Serverless release, while changes made for elastic/kibana#180709 went into 9.1 and a previous Serverless release (i.e., they're already available in Serverless).
cc: @benakansara

[cesco-f]

A similar variable called context.groupByKeys exists in the following rules (and therefore new context.grouping variable is not added):

Metric threshold rule (already documented)
Log threshold rule (needs documentation)

elastic/kibana#229054 has been merged, starting from 9.2 context.grouping will be available also for these 2 rules and for the Inventory rule as well.

[nastasha-solomon]

8.19, 9.1, 9.2, and Serverless docs are updated.