[ResponseOps][Cases][9.1 & Serverless] New case analytics indices feature docs #2220
base: main
Case analytics indices and their aliases are automatically generated when Kibana starts up. Every five minutes, the indices are updated with new data from cases in your space. Historical data about cases is not stored; it gets overwritten whenever new case data is written to the indices. | ||
|
||
You can begin querying case analytics indices as soon as you have cases in your space. To learn more about fields in the indices, refer to | ||
% [Case analytics indices schema](kibana://reference/case-analytics-indices-schema.md) |
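Review bot: The sentence ending in "refer to" loses its target while the schema link on the next line stays commented out with `%`, so the rendered page will stop mid-sentence. Comment out the whole sentence until the link can be enabled, or reword it to stand alone. The visible text also invites readers to start querying the indices without saying which privileges are needed to read them; a short line on that would help admins scope access.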
Will uncomment this ref once I merge elastic/kibana#229036.
A couple of little things, but otherwise LGTM
@@ -26,3 +26,13 @@ If you create cases in the {{observability}} or {{security-app}}, they are not v | |||
* [Configure access to cases](cases/setup-cases.md) | |||
* [Open and manage cases](cases/manage-cases.md) | |||
* [Configure case settings](cases/manage-cases-settings.md) | |||
|
I can't comment on the exact line, but in line 15, there's a "[preview]" tag that doesn't do anything in these docs. Not sure if that feature is in tech preview and we want to add an applies_to tag.
Yeah, I was thinking of replacing that with the applies to tag. Just need to check with the Ux Management folks first.
Co-authored-by: Mike Birnstiehl <114418652+mdbirnstiehl@users.noreply.github.com>
|
||
## Limitations [kibana-case-limitations] | ||
|
||
* If you create cases in {{stack-manage-app}}, they are not visible from {{observability}} or the {{security-app}}. Likewise, the cases you create in {{observability}}, they are not visible in {{stack-manage-app}} or {{elastic-sec}}. |
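Review bot: The second sentence of this bullet has a dangling pronoun: "the cases you create in {{observability}}, they are not visible" should read "the cases you create in {{observability}} are not visible". The bullet also switches between {{security-app}} in the first sentence and {{elastic-sec}} in the second; if both refer to the same app, use one variable throughout so readers do not take them for two different places.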
Is that really the case? @adcoelho
I tested this recently in a 9.1 deployment and it still looked to be present. If you'd prefer to rephrase it or tie it in with the case analytics feature, we can def do that.
|
||
* If you create cases in {{observability}}, they are not visible from the {{security-app}} or {{stack-manage-app}}. Likewise, the cases you create in {{stack-manage-app}} are not visible in the {{observability}} or {{elastic-sec}}. | ||
* You cannot attach alerts from {{elastic-sec}} or {{stack-manage-app}} to cases in {{observability}}. |
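Review bot: In the first bullet, "not visible in the {{observability}} or {{elastic-sec}}" carries a stray "the" before {{observability}}, while the first sentence of the same bullet writes the variable without an article. Drop the article, and check that the mix of "visible from" and "visible in" across the two sentences is intended.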
Cases analytics indices are not space aware
Can you elaborate on this, @tiamliu? Does this mean that the indices will store data for all cases in all spaces? Or maybe something else?
:::: | ||
|
||
## Limitations [security-case-limitations] | ||
|
||
* If you create cases in the {{security-app}}, they are not visible from {{observability}} or {{stack-manage-app}}. Likewise, the cases you create in {{stack-manage-app}} are not visible in {{elastic-sec}} or {{observability}}. |
Cases analytics indices are not space aware
❗❗❗ DO NOT MERGE - WAS PULLED FROM RELEASE ❗❗❗
Contributes to #1716 by documenting how to visualize case data using the new case analytics indices.
Corresponding 8.19 docs:
Preview: