Invalid rule type warnings in O11y serverless projects

[ymao1]

To recreate, run a serverless observability project and navigate to the alerts table (you don't have to add any rules). In your console, you will see the following logs:

[2024-12-12T13:03:43.077-05:00][WARN ][plugins.ruleRegistry] Found invalid rule type 'metrics.alert.threshold' while using privateRuleRegistryAlertsSearchStrategy search strategy. No alert data from this rule type will be searched.
[2024-12-12T13:03:43.078-05:00][WARN ][plugins.ruleRegistry] Found invalid rule type 'xpack.uptime.alerts.tls' while using privateRuleRegistryAlertsSearchStrategy search strategy. No alert data from this rule type will be searched.
[2024-12-12T13:03:43.078-05:00][WARN ][plugins.ruleRegistry] Found invalid rule type 'xpack.uptime.alerts.tlsCertificate' while using privateRuleRegistryAlertsSearchStrategy search strategy. No alert data from this rule type will be searched.
[2024-12-12T13:03:43.078-05:00][WARN ][plugins.ruleRegistry] Found invalid rule type 'xpack.uptime.alerts.monitorStatus' while using privateRuleRegistryAlertsSearchStrategy search strategy. No alert data from this rule type will be searched.
[2024-12-12T13:03:43.078-05:00][WARN ][plugins.ruleRegistry] Found invalid rule type 'xpack.uptime.alerts.durationAnomaly' while using privateRuleRegistryAlertsSearchStrategy search strategy. No alert data from this rule type will be searched.
[2024-12-12T13:03:43.078-05:00][WARN ][plugins.ruleRegistry] Found invalid rule type 'logs.alert.document.count' while using privateRuleRegistryAlertsSearchStrategy search strategy. No alert data from this rule type will be searched.

This is because these rule types are not registered in the serverless o11y project but the alerts table is still sending them in the request:

https://localhost:5601/internal/rac/alerts/index?ruleTypeIds=apm.error_rate&ruleTypeIds=apm.transaction_error_rate&ruleTypeIds=apm.transaction_duration&ruleTypeIds=apm.anomaly&ruleTypeIds=xpack.synthetics.alerts.monitorStatus&ruleTypeIds=xpack.synthetics.alerts.tls&ruleTypeIds=metrics.alert.threshold&ruleTypeIds=metrics.alert.inventory.threshold&ruleTypeIds=xpack.uptime.alerts.tls&ruleTypeIds=xpack.uptime.alerts.tlsCertificate&ruleTypeIds=xpack.uptime.alerts.monitorStatus&ruleTypeIds=xpack.uptime.alerts.durationAnomaly&ruleTypeIds=logs.alert.document.count&ruleTypeIds=slo.rules.burnRate&ruleTypeIds=observability.rules.custom_threshold&ruleTypeIds=.es-query&ruleTypeIds=xpack.ml.anomaly_detection_alert

[elasticmachine]

Pinging @elastic/obs-ux-management-team (Team:obs-ux-management)

[maryam-saeidi]

@cnasikas @umbopepato, do you have any idea what might be the issue? Maybe for uptime rules, it is because they are deprecated. 🤔

[elasticmachine]

Pinging @elastic/response-ops (Team:ResponseOps)

[cnasikas]

The alerts table accepts an array of rule type IDs. Then, it uses the provided rule type IDs and passes them to the API to fetch the alerts. The search strategy related to alerts logs this message in serverless because the alerts table requests rule types that are not registered. We discussed it offline and decided to remove the log because it did not seem useful. We filter out unsupported rule type IDs before fetching the alerts.