[8.16] [ES Query] Fix saving ECS group by fields for query DSL rule (#…

…203769) (#204345)

# Backport

This will backport the following commits from `main` to `8.16`:
- [[ES Query] Fix saving ECS group by fields for query DSL rule
(#203769)](#203769)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Maryam
Saeidi","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-12-16T08:16:43Z","message":"[ES
Query] Fix saving ECS group by fields for query DSL rule
(#203769)\n\nFixes #203472\r\n\r\n## Summary\r\n\r\n|Rule|Group
info|\r\n|---|---|\r\n\r\n|![image](https://github.com/user-attachments/assets/fc17c630-d7c2-4615-8056-5e04209b71e6)|![image](https://github.com/user-attachments/assets/55328973-d585-4148-a74f-d2c275b9989d)|\r\n\r\n@elastic/response-ops
What sort of test do you suggest to add for this\r\ncase?\r\n\r\n### 🧪
How to run test\r\n\r\n#### Deployment agnostic\r\n- [x] Test on
MKI\r\n```\r\n// Server\r\nnode scripts/functional_tests_server --config
x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.serverless.config.ts\r\n\r\n//
Test\r\nnode scripts/functional_test_runner
--config=x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.serverless.config.ts
--grep=\"ElasticSearch query
rule\"\r\n```","sha":"a0fe4e698a031cb36b9dc0c2f8450561f9ea888e","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","v9.0.0","backport:version","v8.18.0","v8.16.3","v8.17.1"],"number":203769,"url":"https://github.com/elastic/kibana/pull/203769","mergeCommit":{"message":"[ES
Query] Fix saving ECS group by fields for query DSL rule
(#203769)\n\nFixes #203472\r\n\r\n## Summary\r\n\r\n|Rule|Group
info|\r\n|---|---|\r\n\r\n|![image](https://github.com/user-attachments/assets/fc17c630-d7c2-4615-8056-5e04209b71e6)|![image](https://github.com/user-attachments/assets/55328973-d585-4148-a74f-d2c275b9989d)|\r\n\r\n@elastic/response-ops
What sort of test do you suggest to add for this\r\ncase?\r\n\r\n### 🧪
How to run test\r\n\r\n#### Deployment agnostic\r\n- [x] Test on
MKI\r\n```\r\n// Server\r\nnode scripts/functional_tests_server --config
x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.serverless.config.ts\r\n\r\n//
Test\r\nnode scripts/functional_test_runner
--config=x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.serverless.config.ts
--grep=\"ElasticSearch query
rule\"\r\n```","sha":"a0fe4e698a031cb36b9dc0c2f8450561f9ea888e"}},"sourceBranch":"main","suggestedTargetBranches":["8.x","8.16","8.17"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/203769","number":203769,"mergeCommit":{"message":"[ES
Query] Fix saving ECS group by fields for query DSL rule
(#203769)\n\nFixes #203472\r\n\r\n## Summary\r\n\r\n|Rule|Group
info|\r\n|---|---|\r\n\r\n|![image](https://github.com/user-attachments/assets/fc17c630-d7c2-4615-8056-5e04209b71e6)|![image](https://github.com/user-attachments/assets/55328973-d585-4148-a74f-d2c275b9989d)|\r\n\r\n@elastic/response-ops
What sort of test do you suggest to add for this\r\ncase?\r\n\r\n### 🧪
How to run test\r\n\r\n#### Deployment agnostic\r\n- [x] Test on
MKI\r\n```\r\n// Server\r\nnode scripts/functional_tests_server --config
x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.serverless.config.ts\r\n\r\n//
Test\r\nnode scripts/functional_test_runner
--config=x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.serverless.config.ts
--grep=\"ElasticSearch query
rule\"\r\n```","sha":"a0fe4e698a031cb36b9dc0c2f8450561f9ea888e"}},{"branch":"8.x","label":"v8.18.0","labelRegex":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.16","label":"v8.16.3","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.1","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

x-pack/plugins/stack_alerts/server/rule_types/es_query/lib/fetch_es_query.ts

@@ -154,6 +154,7 @@ export async function fetchEsQuery({
       esResult: searchResult,
       resultLimit: alertLimit,
       sourceFieldsParams: params.sourceFields,
+      termField: params.termField,
     }),
     link,
     query: sortedQuery,

x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group3/builtin_alert_types/es_query/query_dsl_only.ts

@@ -33,7 +33,7 @@ export default function ruleTests({ getService }: FtrProviderContext) {
   const { es, esTestIndexTool, esTestIndexToolOutput, createEsDocumentsInGroups, waitForDocs } =
     getRuleServices(getService);
 
-  describe('rule', () => {
+  describe('Query DSL only', () => {
     let endDate: string;
     let connectorId: string;
     const objectRemover = new ObjectRemover(supertest);

x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/index.ts

@@ -8,7 +8,7 @@
 import { DeploymentAgnosticFtrProviderContext } from '../../../ftr_provider_context';
 
 export default function ({ loadTestFile }: DeploymentAgnosticFtrProviderContext) {
-  describe('SLO - Burn rate rule', () => {
+  describe('Observability Alerting', () => {
     loadTestFile(require.resolve('./burn_rate_rule'));
   });
 }