[Discuss] define relationships between alert params / groups / context variables #56764
Description
Currently an alertType defines params and actionGroups, and implicitly defines context variables accessible to action parameters when an action is triggered from the alert. And there's no relationships defined between any of these.
It would be nice to define such relationships.
This has come up with the UI design of the index threshold alert type. Let's say it defines two action groups, warning and error, which are severity levels. So you'd like to define the alert such that the query run when the alert executes is based on the params index, timeField, timeWindow, fieldName, etc, but then you want the group to only vary on the threshold value being tested, and perhaps comparator. Textually, it would be something like this:
- alert:
max(cpuUsage) from index host-metrics over a five minute window - warning:
if value > 75 - error:
if value > 90
The idea being that we'd say that the threshold value param (and maybe comparator) would be set on a per-action group level, but the other params would be set for the alert overall (would not vary for each action group).
This would allow the UI to "group" these parameter settings into "general for the alert" and "specific to the action group", per some of the recent alert UI designs.
We've also not talked about the "context variables" that an alert makes available to actions when an action is scheduled. One complication with those is being able to specify their type - probably most context variables will be scalars (strings/numbers/booleans), but it's not out of the question that they could be objects and arrays as well (recursively). How to type those is unclear, and probably out of scope for this discussion.
However, it might be nice to at least start by at least defining what context variables are even available, on per action group. Or we could simplify by saying the set of context variables is fixed per alert type, but perhaps some variables are only applicable on particular action groups (they would be undefined otherwise). Or we could have the same kind of story as with the params, to say there is a set of context variables available to all action groups, and then each action group could also define it's own set of additional context variables.