[system/{diskio,network}]: Add alerting rule templates#15998
Merged: shmsr merged 14 commits into elastic:main on Dec 2, 2025
Conversation

shmsr commented Nov 17, 2025
Pull Request Overview
This pull request adds initial alerting rule templates for the system integration, focusing on disk I/O and network monitoring capabilities.
- Adds 4 new ESQL-based alerting rule templates for monitoring system health metrics
- Updates package version from 2.7.1 to 2.8.0 with format_version bump to 3.4.0
- Includes changelog entry documenting the enhancement
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| packages/system/manifest.yml | Bumps package version to 2.8.0 and format version to 3.4.0 to support new alerting templates |
| packages/system/kibana/alerting_rule_template/high_packet_drop_rate.json | Adds alerting template to detect high packet drop rates on network interfaces |
| packages/system/kibana/alerting_rule_template/high_network_error_rate.json | Adds alerting template to detect elevated network error rates |
| packages/system/kibana/alerting_rule_template/high_disk_io_latency.json | Adds alerting template to detect high disk I/O latency based on storage type |
| packages/system/kibana/alerting_rule_template/disk_io_saturation.json | Adds alerting template to detect disk I/O saturation via utilization and queue depth metrics |
| packages/system/changelog.yml | Documents the addition of alerting rule templates for diskio and network datastreams |
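The review summary above names four checks (packet drop rate, network error rate, disk I/O latency by storage type, disk I/O saturation from utilization plus queue depth) without showing the ES|QL behind them. The block below is an added example, not the PR's templates or any Elastic code: it evaluates the same four conditions in Python over constructed sample documents so the shape of each check, and its failure modes, can be seen. The field names (system.network.in.dropped, system.network.in.packets, system.network.in.errors, system.diskio.iostat.busy, system.diskio.iostat.queue.avg_size, system.diskio.iostat.await) are assumed to be the system integration's; the thresholds, the NVMe-versus-other latency mapping and the window handling are assumptions of this example, not values taken from the templates.

```python
"""Added example: the four alert conditions from the PR summary, evaluated in
Python over constructed documents. Not the PR's ES|QL templates."""
from collections import defaultdict

# Constructed sample documents (made-up values; keys are the assumed field names).
# Network counters are cumulative, so rates must come from deltas, not raw values.
NETWORK_DOCS = [
    {"host.name": "web-1", "system.network.name": "eth0", "@timestamp": 0,
     "system.network.in.packets": 100000, "system.network.in.dropped": 10, "system.network.in.errors": 0},
    {"host.name": "web-1", "system.network.name": "eth0", "@timestamp": 60,
     "system.network.in.packets": 200000, "system.network.in.dropped": 3010, "system.network.in.errors": 5},
    {"host.name": "web-1", "system.network.name": "eth0", "@timestamp": 120,
     "system.network.in.packets": 300000, "system.network.in.dropped": 3020, "system.network.in.errors": 5},
    # db-1 reboots between samples: counters reset, so that interval must be skipped
    {"host.name": "db-1", "system.network.name": "eth0", "@timestamp": 0,
     "system.network.in.packets": 500, "system.network.in.dropped": 0, "system.network.in.errors": 0},
    {"host.name": "db-1", "system.network.name": "eth0", "@timestamp": 60,
     "system.network.in.packets": 400, "system.network.in.dropped": 0, "system.network.in.errors": 0},
]

DISKIO_DOCS = [
    {"host.name": "web-1", "system.diskio.name": "nvme0n1", "@timestamp": 60,
     "system.diskio.iostat.busy": 97.0, "system.diskio.iostat.queue.avg_size": 8.0,
     "system.diskio.iostat.await": 7.5},
    {"host.name": "db-1", "system.diskio.name": "sda", "@timestamp": 60,
     "system.diskio.iostat.busy": 95.0, "system.diskio.iostat.queue.avg_size": 0.4,
     "system.diskio.iostat.await": 12.0},
]

NET_KEY = ("host.name", "system.network.name")


def counter_ratio(docs, numerator, denominator, key_fields):
    """Ratio of two cumulative counters over the whole window, per key.

    Sums per-interval deltas; an interval whose denominator delta is <= 0
    (counter reset, or no traffic) is skipped, which also avoids dividing by
    zero. Keys with no usable interval are absent from the result.
    """
    series = defaultdict(list)
    for d in docs:
        series[tuple(d[f] for f in key_fields)].append(d)
    ratios = {}
    for key, samples in series.items():
        samples.sort(key=lambda d: d["@timestamp"])
        num_total = den_total = 0
        for prev, cur in zip(samples, samples[1:]):
            den_delta = cur[denominator] - prev[denominator]
            num_delta = cur[numerator] - prev[numerator]
            if den_delta <= 0 or num_delta < 0:
                continue  # counter reset or idle interval
            num_total += num_delta
            den_total += den_delta
        if den_total > 0:
            ratios[key] = num_total / den_total
    return ratios


def high_packet_drop_rate(docs=NETWORK_DOCS, threshold=0.01):
    """Interfaces whose dropped/received ratio exceeds the threshold (assumed 1%)."""
    r = counter_ratio(docs, "system.network.in.dropped", "system.network.in.packets", NET_KEY)
    return {k: v for k, v in r.items() if v > threshold}


def high_network_error_rate(docs=NETWORK_DOCS, threshold=0.001):
    """Interfaces whose error/received ratio exceeds the threshold (assumed 0.1%)."""
    r = counter_ratio(docs, "system.network.in.errors", "system.network.in.packets", NET_KEY)
    return {k: v for k, v in r.items() if v > threshold}


def latency_threshold_ms(device):
    """Assumed per-storage-type latency budget (the template's mapping is not shown)."""
    return 5.0 if device.startswith("nvme") else 20.0


def latest_per_device(docs):
    """Gauges (busy, queue depth, await) are evaluated on the newest sample per device."""
    latest = {}
    for d in docs:
        key = (d["host.name"], d["system.diskio.name"])
        if key not in latest or d["@timestamp"] > latest[key]["@timestamp"]:
            latest[key] = d
    return latest


def high_disk_io_latency(docs=DISKIO_DOCS):
    return {k: d["system.diskio.iostat.await"] for k, d in latest_per_device(docs).items()
            if d["system.diskio.iostat.await"] > latency_threshold_ms(k[1])}


def disk_io_saturation(docs=DISKIO_DOCS, busy_pct=90.0, queue_depth=2.0):
    """Saturated only when utilization AND queue depth are both high: a busy
    device with a short queue is merely busy, not saturated."""
    return {k: (d["system.diskio.iostat.busy"], d["system.diskio.iostat.queue.avg_size"])
            for k, d in latest_per_device(docs).items()
            if d["system.diskio.iostat.busy"] >= busy_pct
            and d["system.diskio.iostat.queue.avg_size"] >= queue_depth}


if __name__ == "__main__":
    for name, fn in [("packet drop", high_packet_drop_rate), ("net errors", high_network_error_rate),
                     ("disk latency", high_disk_io_latency), ("disk saturation", disk_io_saturation)]:
        print(f"{name}: {fn()}")
```

On the constructed data only web-1 fires: its eth0 dropped 3010 of 200000 received packets across the window (1.5%), nvme0n1 exceeds the tighter NVMe latency budget, and the same device is both 97% busy and carrying a queue of 8. db-1's counter reset is discarded instead of producing a negative or divide-by-zero rate, its 5-per-200000 error count stays under the error threshold, and sda at 95% busy with a queue of 0.4 is busy but not saturated. The same two caveats apply to the real ES|QL templates: rates must be built from counter deltas, and the saturation rule needs both signals, not either one.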
shmsr commented Nov 17, 2025
Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)
Member
@shmsr: I have shared my review in the issue since it was clearer to read the query there.
Contributor
/test

Contributor
/test
Review thread on packages/system/data_stream/syslog/elasticsearch/ingest_pipeline/default.yml (outdated, resolved)
🚀 Benchmarks report: To see the full report comment with
💚 Build Succeeded
cc @shmsr

Package system - 2.8.0 containing this change is available at https://epr.elastic.co/package/system/2.8.0/
Proposed commit message
This PR adds alerting rule template for the identified key alerting metrics. But note that alerts are only added for diskio and network datastreams.

Checklist
changelog.yml file.