Skip to content

[Integrations] Alerting Rule Template common page #4072

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 16 commits into
base: main
Choose a base branch
from
Open

[Integrations] Alerting Rule Template common page #4072

wants to merge 16 commits into from
+71 −9

Conversation

@alaudazzi
Copy link
Contributor

@alaudazzi alaudazzi commented Nov 25, 2025
edited
Loading

Summary

This PR adds a new Alerting Rule Templates page that should serve as a centralized doc page with an explanation of what the alert rule templates are and how to use them. This page is going to be referenced from the individual integration pages.

The current location of the page will be changed and made more visible in a further iteration.

Relates to #3678 (comment).

Generative AI disclosure

  1. Did you use a generative AI (GenAI) tool to assist in creating this contribution?
  • Yes
  • No

Cursor with gpt5

@alaudazzi alaudazzi requested a review from muthu-mps November 25, 2025 10:12
@alaudazzi alaudazzi self-assigned this Nov 25, 2025
@alaudazzi alaudazzi added the documentation Improvements or additions to documentation label Nov 25, 2025
@alaudazzi alaudazzi changed the title Draft alerting rule template common page Draft Alerting Rule Template common page Nov 25, 2025
@alaudazzi alaudazzi changed the title Draft Alerting Rule Template common page [Integrations] Draft Alerting Rule Template common page Nov 25, 2025
@github-actions
Copy link

github-actions bot commented Nov 25, 2025
edited
Loading

Vale Linting Results

Summary: 2 suggestions found

💡 Suggestions (2)
File Line Rule Message
reference/fleet/alerting-rule-templates.md 19 Elastic.FutureTense 'will not' might be in future tense. Write in the present tense to describe the state of the product as it is now.
reference/fleet/alerting-rule-templates.md 22 Elastic.WordChoice Consider using 'can, might' instead of 'may', unless the term is in the UI.

muthu-mps
muthu-mps reviewed Nov 25, 2025
View reviewed changes
@github-actions
Copy link

github-actions bot commented Nov 25, 2025
edited
Loading

🔍 Preview links for changed docs

@alaudazzi alaudazzi marked this pull request as ready for review November 25, 2025 10:57
@alaudazzi alaudazzi requested a review from a team as a code owner November 25, 2025 10:57
@alaudazzi
Update alerting-rule-templates.md
d36a84c 
Remove optional step about connectors,
daniela-elastic
daniela-elastic reviewed Nov 25, 2025
View reviewed changes
daniela-elastic
daniela-elastic reviewed Nov 25, 2025
View reviewed changes
daniela-elastic
daniela-elastic reviewed Nov 25, 2025
View reviewed changes
daniela-elastic
daniela-elastic reviewed Nov 25, 2025
View reviewed changes
daniela-elastic
daniela-elastic approved these changes Nov 25, 2025
View reviewed changes
Copy link

@daniela-elastic daniela-elastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made minor comments and also question on the correct stack version. Approving in principal but please review the comments.

tommyers-elastic
tommyers-elastic reviewed Nov 25, 2025
View reviewed changes
Copy link

@tommyers-elastic tommyers-elastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think this is a good start, but i think it could be a little better organised.

currently there's information about what the templates are and how to use them kinda sprinkled throughout. e.g. "open a prefilled rule creation form you can adjust and enable", and later, "When you click a template, you get a prefilled ..." etc.

i think it could be useful to split the information into sections targeted to specific things users might want to know/do

e.g. "what is an alert rule template?", "where do i find the templates"?, "how do i use the templates?", "how do i know when a rule was created from a template?", "how do i update a rule created from a template?" etc etc

i think we should also make it really clear that the whilst the alerts can be used without modification, thresholds should always be considered in the context of your own environment. the consquence of blindly installing alerts with the predefined thresholds could be many many alerts firing at ocne which would consitute a bad UX.

@alaudazzi
Copy link
Contributor Author

alaudazzi commented Nov 26, 2025

@tommyers-elastic @daniela-elastic
Your comments have been addressed. Please have a final review before I can merge.

@alaudazzi
Copy link
Contributor Author

alaudazzi commented Nov 28, 2025

@tommyers-elastic I added the following note as you suggested:

Although the alerts can be used as provided, threshold values should always be evaluated in the context of your specific environment. Applying the predefined thresholds without adjustment may result in an excessive number of alerts.

@alaudazzi
Copy link
Contributor Author

alaudazzi commented Nov 28, 2025

@daniela-elastic
I addressed your suggestions as follows:

Should we add a hyperlink the first time we mention "Elastic integrations" so that users who came straight to this page know what integrations we are talking about

=> done

Should we mention that while the template is managed by Elastic (and it may change in the future), once the customer creates an alert out of it, it's theirs and Elastic doesn't change it even if the template changes. That way customers who are used to the integrations being managed (the dashboard is updated automatically unless you clone it) don't get the wrong impression that the alerts will change as well.

=> done
I slightly rephrased as follows:
Although these templates are managed by Elastic, any alert created from them is owned by the customer and will not be modified by Elastic, even if the templates change.

Should we mention that if an integration doesn't show alert templates in the asset tab, that doesn't mean that there's necessarily a bug but some integrations don't yet have alerts

=> This note should already clarify this point

{note} You can find the Alerting rule template option only when the integration adds template support for alerting rules.

In "Select a template to open a prefilled Create rule form. [...] setting up connectors, and defining rule actions." should we define what we mean by connectors. In this case I believe these are connectors to eg email, etc that will send the alert info to the channel where you normally receive your alerts

@muthu-mps can you help clarify what these connectors are?

daniela-elastic
daniela-elastic reviewed Nov 28, 2025
View reviewed changes
daniela-elastic
daniela-elastic approved these changes Nov 28, 2025
View reviewed changes
Copy link

@daniela-elastic daniela-elastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One small correction needed w.r.t. too noisy alerts vs alerts that don't fire due to thresholds too high. I left a comment. Please address. No need for further aprpoval.

@alaudazzi alaudazzi changed the title [Integrations] Draft Alerting Rule Template common page [Integrations] Alerting Rule Template common page Nov 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@muthu-mps muthu-mps muthu-mps left review comments

@tommyers-elastic tommyers-elastic tommyers-elastic left review comments

@daniela-elastic daniela-elastic daniela-elastic approved these changes

At least 1 approving review is required to merge this pull request.

Assignees

@alaudazzi alaudazzi

Labels

documentation Improvements or additions to documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@alaudazzi @muthu-mps @tommyers-elastic @daniela-elastic