Alert Management / Multi-tenancy

I saw this touched on indirectly in another topic, but wanted to get a more focused discussion on this, as I was surprised by the design behind alert management, specifically as it pertains to a multi-tenancy model.

I started working with visualizations/dashboards initially and loved how those artifacts could be saved in separate indices associated with the tenant you were using. This made defining role-based access to those artifacts via the security plugin really clean and easy to use.

The natural progression for me was to then create alerts based on events/scenarios similar to those I was visualizing. Intuitively, I expected a similar design for monitors, alerts, and actions, where they would be stored in tenant specific indices, but they instead appear to be managed at a cluster level.

I’m curious why there seems to be this disconnect in design between visualizations/dashboards and alerting. For those developing, is there any plan to move alerting in a more multi-tenancy friendly direction? I imagine this would be a very desirable functionality, but I’d love to hear others’ thoughts as well.
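Added illustration (editor's note, not part of the original post or the project's own documentation): the gap the poster describes is visible in how a security plugin role is written. In the Open Distro security plugin's roles.yml, Kibana saved objects are scoped with a `tenant_permissions` block, because each tenant's visualizations and dashboards live in their own index. Alerting has no such block: monitors, triggers and destinations are stored in one cluster-wide config index, so the only handle the role has on them is a list of cluster-level action names. The role names, the tenant name `tenant_a` and the index pattern below are hypothetical; the roles.yml layout is the 1.x format, and the alerting action names are given as I understand them and should be checked against the version of the plugin you run.

```yaml
# Hypothetical roles.yml fragment (Open Distro security plugin, 1.x layout).
# Role names, tenant name and index pattern are made up for illustration.

# Dashboards/visualizations: scoped per tenant.
# A user mapped to this role can only read/write saved objects in tenant_a,
# because those objects are stored in a per-tenant index.
tenant_a_analyst:
  cluster_permissions:
    - "cluster_composite_ops_ro"
  index_permissions:
    - index_patterns:
        - "logs-tenant-a-*"      # assumed naming convention
      allowed_actions:
        - "read"
  tenant_permissions:
    - tenant_patterns:
        - "tenant_a"             # hypothetical tenant
      allowed_actions:
        - "kibana_all_write"

# Alerting: cluster-level only.
# Nothing here names a tenant. Whoever holds these actions can see or change
# every monitor in the cluster, which is the design disconnect raised above.
# Action names assumed from the Open Distro alerting plugin; verify per version.
tenant_a_alerting:
  cluster_permissions:
    - "cluster:admin/opendistro/alerting/monitor/write"
    - "cluster:admin/opendistro/alerting/monitor/get"
    - "cluster:admin/opendistro/alerting/monitor/search"
    - "cluster:admin/opendistro/alerting/monitor/execute"
```

The practical consequence for a shared cluster is that a monitor's tenancy has to be enforced by convention (for example, by what indices the monitor's query is allowed to read via `index_permissions`), not by the security plugin itself; a user who can search monitors can list all of them regardless of which tenant they were created for.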

Agree. It is something some of the folks working on alerting have been talking about and it is our intention to tightly integrate these features so that they work well together.

There is an issue for it here: Integrate Security with Alerting · Issue #6 · opendistro-for-elasticsearch/alerting · GitHub

So feel free to +1 and comment on it.

Definite +1 from me, and thanks for taking the time to respond. I should have found that issue on my own, but must have glanced over it.

If nothing else, this may help others find that issue, so thanks again for linking it.