[Alerting V2] bulk get alert actions #258353

Open
adcoelho wants to merge 4 commits into elastic:alerting_v2 from adcoelho:alerting-v2-bulk-get-alert-actions

@adcoelho commented Mar 18, 2026

Closes #258317

Summary

The alert episodes table needs to display episode status for each row.

To build that UI, we needed a bulk-get API for alert actions.

Testing

Start by posting some mock action data.

POST .alerting-actions/_bulk
{"create":{}}
{"@timestamp":"2026-03-18T08:00:00.000Z","last_series_event_timestamp":"2026-03-18T07:55:00.000Z","actor":"user-1","action_type":"ack","group_hash":"gh-1","episode_id":"ep-001","rule_id":"rule-1"}
{"create":{}}
{"@timestamp":"2026-03-18T08:10:00.000Z","last_series_event_timestamp":"2026-03-18T07:55:00.000Z","actor":"user-1","action_type":"snooze","group_hash":"gh-1","episode_id":"ep-001","rule_id":"rule-1"}
{"create":{}}
{"@timestamp":"2026-03-18T08:30:00.000Z","last_series_event_timestamp":"2026-03-18T07:55:00.000Z","actor":"user-2","action_type":"deactivate","group_hash":"gh-2","episode_id":"ep-002","rule_id":"rule-1","reason":"Known maintenance window"}
{"create":{}}
{"@timestamp":"2026-03-18T08:45:00.000Z","last_series_event_timestamp":"2026-03-18T07:55:00.000Z","actor":"user-2","action_type":"ack","group_hash":"gh-2","episode_id":"ep-002","rule_id":"rule-1"}
{"create":{}}
{"@timestamp":"2026-03-18T09:00:00.000Z","last_series_event_timestamp":"2026-03-18T08:50:00.000Z","actor":"user-1","action_type":"ack","group_hash":"gh-3","episode_id":"ep-003","rule_id":"rule-2"}
{"create":{}}
{"@timestamp":"2026-03-18T09:15:00.000Z","last_series_event_timestamp":"2026-03-18T08:50:00.000Z","actor":"user-1","action_type":"unack","group_hash":"gh-3","episode_id":"ep-003","rule_id":"rule-2"}
{"create":{}}
{"@timestamp":"2026-03-18T09:30:00.000Z","last_series_event_timestamp":"2026-03-18T09:20:00.000Z","actor":"user-3","action_type":"snooze","group_hash":"gh-4","episode_id":"ep-004","rule_id":"rule-2"}
{"create":{}}
{"@timestamp":"2026-03-18T09:50:00.000Z","last_series_event_timestamp":"2026-03-18T09:20:00.000Z","actor":"user-3","action_type":"unsnooze","group_hash":"gh-4","episode_id":"ep-004","rule_id":"rule-2"}
{"create":{}}
{"@timestamp":"2026-03-18T10:00:00.000Z","last_series_event_timestamp":"2026-03-18T09:50:00.000Z","actor":"user-2","action_type":"deactivate","group_hash":"gh-5","episode_id":"ep-005","rule_id":"rule-3","reason":"Duplicate alert"}
{"create":{}}
{"@timestamp":"2026-03-18T10:20:00.000Z","last_series_event_timestamp":"2026-03-18T09:50:00.000Z","actor":"user-1","action_type":"activate","group_hash":"gh-5","episode_id":"ep-005","rule_id":"rule-3","reason":"Re-enabled after investigation"}
{"create":{}}
{"@timestamp":"2026-03-18T10:30:00.000Z","last_series_event_timestamp":"2026-03-18T10:25:00.000Z","actor":"user-1","action_type":"ack","group_hash":"gh-6","episode_id":"ep-006","rule_id":"rule-3"}
{"create":{}}
{"@timestamp":"2026-03-18T10:45:00.000Z","last_series_event_timestamp":"2026-03-18T10:25:00.000Z","actor":"user-1","action_type":"snooze","group_hash":"gh-6","episode_id":"ep-006","rule_id":"rule-3"}
{"create":{}}
{"@timestamp":"2026-03-18T10:55:00.000Z","last_series_event_timestamp":"2026-03-18T10:25:00.000Z","actor":"user-2","action_type":"deactivate","group_hash":"gh-6","episode_id":"ep-006","rule_id":"rule-3","reason":"Root cause fixed"}
{"create":{}}
{"@timestamp":"2026-03-18T11:00:00.000Z","last_series_event_timestamp":"2026-03-18T10:55:00.000Z","actor":"user-3","action_type":"ack","group_hash":"gh-7","episode_id":"ep-007","rule_id":"rule-4"}
{"create":{}}
{"@timestamp":"2026-03-18T11:30:00.000Z","last_series_event_timestamp":"2026-03-18T11:20:00.000Z","actor":"user-2","action_type":"snooze","group_hash":"gh-8","episode_id":"ep-008","rule_id":"rule-4"}
{"create":{}}
{"@timestamp":"2026-03-18T11:45:00.000Z","last_series_event_timestamp":"2026-03-18T11:20:00.000Z","actor":"user-2","action_type":"ack","group_hash":"gh-8","episode_id":"ep-008","rule_id":"rule-4"}
{"create":{}}
{"@timestamp":"2026-03-18T12:00:00.000Z","last_series_event_timestamp":"2026-03-18T11:50:00.000Z","actor":"user-1","action_type":"deactivate","group_hash":"gh-9","episode_id":"ep-009","rule_id":"rule-5","reason":"Alert storm - suppressing"}
{"create":{}}
{"@timestamp":"2026-03-18T12:10:00.000Z","last_series_event_timestamp":"2026-03-18T11:50:00.000Z","actor":"user-1","action_type":"snooze","group_hash":"gh-9","episode_id":"ep-009","rule_id":"rule-5"}
{"create":{}}
{"@timestamp":"2026-03-18T12:30:00.000Z","last_series_event_timestamp":"2026-03-18T12:20:00.000Z","actor":"user-3","action_type":"ack","group_hash":"gh-10","episode_id":"ep-010","rule_id":"rule-5"}
{"create":{}}
{"@timestamp":"2026-03-18T12:40:00.000Z","last_series_event_timestamp":"2026-03-18T12:20:00.000Z","actor":"user-3","action_type":"unack","group_hash":"gh-10","episode_id":"ep-010","rule_id":"rule-5"}
{"create":{}}
{"@timestamp":"2026-03-18T12:50:00.000Z","last_series_event_timestamp":"2026-03-18T12:20:00.000Z","actor":"user-3","action_type":"ack","group_hash":"gh-10","episode_id":"ep-010","rule_id":"rule-5"}

There are up to 10 episodes with actions, all with ids like ep-001.

Query the new route and confirm that the results are as expected.

POST kbn:/internal/alerting/v2/alerts/action/_bulk_get
{
  "episode_ids": ["ep-001", "ep-002", "ep-003", "foobar"]
}

@adcoelho self-assigned this Mar 18, 2026
@adcoelho added the Team:ResponseOps Platform ResponseOps team (formerly the Cases and Alerting teams) t// label Mar 18, 2026
@adcoelho marked this pull request as ready for review March 18, 2026 13:51
@adcoelho requested review from a team as code owners March 18, 2026 13:51

@elasticmachine

Pinging @elastic/response-ops (Team:ResponseOps)

@adcoelho force-pushed the alerting-v2-bulk-get-alert-actions branch from 08e9e28 to 2989159 March 18, 2026 13:56

@elasticmachine

💔 Build Failed

Failed CI Steps

Metrics [docs]

‼️ ERROR: no builds found for mergeBase sha [04ac41c]

History

cc @adcoelho
