feat(slo): Avoid false positive burn rate alerting with partial rolled-up data #203279
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kdelemme
added
release_note:skip
|
Pinging @elastic/obs-ux-management-team (Team:obs-ux-management) |
kdelemme
commented
Dec 6, 2024
Comment on lines
160
to
168
| const source = burnRateWindows | ||
| .map((_windDef, index) => { | ||
| const windowId = `${WINDOW}_${index}`; | ||
| return `(params.${generateAboveThresholdKey( | ||
| windowId, | ||
| SHORT_WINDOW | ||
| )} == 1 && params.${generateAboveThresholdKey(windowId, LONG_WINDOW)} == 1)`; | ||
| }) | ||
| .join(' || '); |
There was a problem hiding this comment.
💬 I find map().join() easier to follow than a reduce with a ternary operator
botelastic
bot
added
the
ci:project-deploy-observability
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
kdelemme
commented
Dec 6, 2024
| term: { 'slo.instanceId': instanceId }, | ||
| }, | ||
| { term: { 'slo.id': slo.id } }, | ||
| { term: { 'slo.revision': slo.revision } }, |
There was a problem hiding this comment.
💬 Filtering on the slo.revision won't change much in most cases, but cannot hurt when the SLO is updated and the previous data is still available when the rule runs
kdelemme
commented
Dec 6, 2024
Comment on lines
68
to
70
| // For timeslice budgeting method, we always compute the burn rate based on the observed bad slices, e.g. total observed - good observed = bad slices observed, | ||
| // And we compare this to the expected slices in the whole window duration | ||
| const burnRateAgg = isTimesliceBudgetingMethod |
There was a problem hiding this comment.
💬 The main change is here.
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]
History
cc @kdelemme |
dominiqueclarke
approved these changes
Jan 7, 2025
| term: { 'slo.instanceId': instanceId }, | ||
| }, | ||
| { term: { 'slo.id': slo.id } }, | ||
| { term: { 'slo.revision': slo.revision } }, |
|
Starting backport for target branches: 8.x |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 7, 2025
…d-up data (elastic#203279) (cherry picked from commit 0e13d86)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kowalczyk-krzysztof
pushed a commit
to kowalczyk-krzysztof/kibana
that referenced
this pull request
Jan 7, 2025
kibanamachine
added a commit
that referenced
this pull request
Jan 7, 2025
… rolled-up data (#203279) (#205806) # Backport This will backport the following commits from `main` to `8.x`: - [feat(slo): Avoid false positive burn rate alerting with partial rolled-up data (#203279)](#203279) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Kevin Delemme","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-01-07T20:21:22Z","message":"feat(slo): Avoid false positive burn rate alerting with partial rolled-up data (#203279)","sha":"0e13d86fc7b37c48011b9a1e601ae9f4e7d664d9","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:prev-minor","ci:project-deploy-observability","Team:obs-ux-management","v8.18.0"],"title":"feat(slo): Avoid false positive burn rate alerting with partial rolled-up data","number":203279,"url":"https://github.com/elastic/kibana/pull/203279","mergeCommit":{"message":"feat(slo): Avoid false positive burn rate alerting with partial rolled-up data (#203279)","sha":"0e13d86fc7b37c48011b9a1e601ae9f4e7d664d9"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/203279","number":203279,"mergeCommit":{"message":"feat(slo): Avoid false positive burn rate alerting with partial rolled-up data (#203279)","sha":"0e13d86fc7b37c48011b9a1e601ae9f4e7d664d9"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Kevin Delemme <[email protected]>
crespocarlos
pushed a commit
to crespocarlos/kibana
that referenced
this pull request
Jan 8, 2025
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Jan 13, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #190143
🏇🏻 Summary
This PR makes the burn rate rule less prone to false positive alerting when the rolled-up data is not fully computed for the burn rate window or when the rolled-up data consist of intermittent data, e.g. low-traffic service's SLO.
This is achieved by using the observed bad events, e.g. observed total events - observed good events, and the total slices expected for the given window duration and SLO timeslice duration, e.g. there are 60 1min-slices in a 1h window or 30 2min-slices in a 1h window.
For example, if we have only 1 total event observed and 0 good event observed during a 1h window (using 1min slices), the new burn rate becomes
1/60/(1-objective)instead of1/(1-objective). The new burn rate is 60x smaller than the previous, which would avoid triggering the alert.Note
Did some housecleaning in the burn rate rule as well: Adding slo.revision term filter, reusing function to generate aggs keys
🧬 Testing
buildQuery tests snapshots have been updated with the new expected aggs