[Investigate] [Incidents] Add Incidents to Alert Overview Page

[dominiqueclarke]

Prerequistes

• [Investigate] [Incidents] [Research] Alert grouping (Incident) heuristic #209388

Overview

Failures in complex software systems have compounding effects. A failure in a single component may result in multiple alerts for different rule types alerting on numerous signals.

To help SREs make sense of these fast moving alerts, we'll group alerts into a hypothesized "incident" by identifying groups of possibly related alerts.

These suggested incidents will be available to view on the alert overview page.

Features

1. When the user is on the Alert Details page, the user can choose to select the alert incident tab
2. The alert incidents tab shows all potential incidents
3. Some indication of why the alerts were suggested as an incident is shown, through iconography or some other means
4. The user is able to view all alerts connected to that incident within the same page, through an accordion, flyout, or some other mechanism determined by design
5. The user is able to group the individual alerts that make up an incident utilizing the same grouping options available today in the alerts overview page
6. The user is able to navigate to an incident details page with more information

Feature flag considerations

The logic for creating incidents will be in flux, and it won't be clear yet how accurate our useful these groupings are. We should place this feature behind a feature flag during development.

[elasticmachine]

Pinging @elastic/obs-ux-management-team (Team:obs-ux-management)