Semantic conventions for alerts #1081
Labels
area:new
enhancement (New feature or request)
experts needed (This issue or pull request is outside an area where general approvers feel they can approve)
triage:needs-triage
Area(s)
area:new
Is your change request related to a problem? Please describe.
I want to be able to describe & capture alerts as events in my OpenTelemetry data, just like I can do with ECS and as is also described in the CDEvents spec, which is also attached.
Describe the solution you'd like
Clear guidance on what the conventions are for describing an alert. Suggestions would be to include:
rule.category -> A categorization value keyword used by the entity using the rule for detection of this event.
rule.name -> The name of the rule or signature generating the event.
rule.description -> The description of the rule generating the event.
rule.version -> The version / revision of the rule being used for analysis.
alert.type -> strongly typed option of raise, notify & clear
alert.message -> user defined message to show in the alert
alert.severity -> the severity of the alert which is just like log levels
Describe alternatives you've considered
No response
Additional context
https://www.elastic.co/guide/en/ecs/current/ecs-rule.html
https://github.com/cdevents/spec/blob/v0.4.1/continuous-operations.md#ticket