[ES Query] Fix saving ECS group by fields at the root level for Query DSL #203472

Closed
maryam-saeidi opened this issue Dec 9, 2024 · 1 comment · Fixed by #203769


@maryam-saeidi

Kibana version: 8.16

Describe the bug:

In this ticket, we added ECS group by field for all the observability rules, but it seems this logic does not work as expected for the ES Query > Query DSL rule.

Steps to reproduce:

  1. Create an ES Query > Query DSL rule with an ECS group that triggers an alert
  2. Check the alert document; you should be able to see the ECS group by field at the root level

Expected behavior:
ECS group by fields should be correctly saved at the root level for an ES Query > Query DSL rule

Screenshots (if relevant):

@maryam-saeidi maryam-saeidi added bug Fixes for quality problems that affect the customer experience Team:obs-ux-management Observability Management User Experience Team labels Dec 9, 2024
@elasticmachine

Pinging @elastic/obs-ux-management-team (Team:obs-ux-management)

@maryam-saeidi maryam-saeidi self-assigned this Dec 10, 2024
maryam-saeidi added a commit to maryam-saeidi/kibana that referenced this issue Dec 16, 2024
…#203769)

Fixes elastic#203472

## Summary

|Rule|Group info|
|---|---|
|![image](https://github.com/user-attachments/assets/fc17c630-d7c2-4615-8056-5e04209b71e6)|![image](https://github.com/user-attachments/assets/55328973-d585-4148-a74f-d2c275b9989d)|

@elastic/response-ops What sort of test do you suggest to add for this
case?

### 🧪 How to run test

#### Deployment agnostic
- [x] Test on MKI
```
// Server
node scripts/functional_tests_server --config x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.serverless.config.ts

// Test
node scripts/functional_test_runner --config=x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.serverless.config.ts --grep="ElasticSearch query rule"
```

(cherry picked from commit a0fe4e6)

# Conflicts:
#	x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/index.ts
maryam-saeidi added a commit to maryam-saeidi/kibana that referenced this issue Dec 16, 2024
…#203769)

Fixes elastic#203472

## Summary

|Rule|Group info|
|---|---|
|![image](https://github.com/user-attachments/assets/fc17c630-d7c2-4615-8056-5e04209b71e6)|![image](https://github.com/user-attachments/assets/55328973-d585-4148-a74f-d2c275b9989d)|

@elastic/response-ops What sort of test do you suggest to add for this
case?

### 🧪 How to run test

#### Deployment agnostic
- [x] Test on MKI
```
// Server
node scripts/functional_tests_server --config x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.serverless.config.ts

// Test
node scripts/functional_test_runner --config=x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.serverless.config.ts --grep="ElasticSearch query rule"
```

(cherry picked from commit a0fe4e6)

# Conflicts:
#	x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/es_query/query_dsl.ts
#	x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/es_query_rule.ts
#	x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/index.ts
#	x-pack/test_serverless/api_integration/test_suites/observability/es_query_rule/es_query_rule.ts
maryam-saeidi added a commit that referenced this issue Dec 16, 2024
…203769) (#204342)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[ES Query] Fix saving ECS group by fields for query DSL rule
(#203769)](#203769)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

maryam-saeidi added a commit that referenced this issue Dec 16, 2024
…203769) (#204343)

# Backport

This will backport the following commits from `main` to `8.17`:
- [[ES Query] Fix saving ECS group by fields for query DSL rule
(#203769)](#203769)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

maryam-saeidi added a commit that referenced this issue Dec 17, 2024
…203769) (#204345)

# Backport

This will backport the following commits from `main` to `8.16`:
- [[ES Query] Fix saving ECS group by fields for query DSL rule
(#203769)](#203769)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)
