Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Event Log] Populated rule.* ECS fields for alert events. #101132

Merged
merged 20 commits into from
Jun 10, 2021
Merged

[Event Log] Populated rule.* ECS fields for alert events. #101132

merged 20 commits into from
Jun 10, 2021

Conversation

YulNaumenko
Copy link
Contributor

@YulNaumenko YulNaumenko commented Jun 2, 2021
edited
Loading

Resolves #94137

Summary

Current PR contains changes which populating rule schema part of the event log:
rule.id - the rule id field
rule.license - rule type minimumLicenseRequired field
rule.name - the rule name field
rule.ruleset - rule producer
rule.category - ruleType id

Skipped populating by the reasons:
rule.reference - not populating this till the docLinks will be supported for the server plugins: #101501
rule.version, rule.author, rule.uuid and rule.description fields - skip the populating and opened a discussion issue

@YulNaumenko YulNaumenko self-assigned this Jun 2, 2021
@YulNaumenko YulNaumenko added Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Feature:EventLog Feature:Alerting v7.14.0 v8.0.0 release_note:skip Skip the PR/issue when compiling release notes labels Jun 3, 2021
@YulNaumenko YulNaumenko marked this pull request as ready for review June 4, 2021 02:46
@YulNaumenko YulNaumenko requested a review from a team as a code owner June 4, 2021 02:46
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

YulNaumenko
YulNaumenko commented Jun 4, 2021
View reviewed changes
x-pack/plugins/alerting/server/lib/get_docs_for_rule_type_by_producer.ts Outdated
* 2.0.
*/

export const getDocsForRuleTypeByProducer = (
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using hardcoded links for now. Will replace it later with the docLinks service, when the support for the server usage will be implemented (opened issue)

@YulNaumenko YulNaumenko mentioned this pull request Jun 4, 2021
Closed
ymao1
ymao1 reviewed Jun 7, 2021
View reviewed changes
Copy link
Contributor

@ymao1 ymao1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add the new fields and descriptions to the event log README? Will make it easier keep track of what rule.id vs rule.uuid is :)

x-pack/plugins/alerting/server/lib/get_docs_for_rule_type_by_producer.ts Outdated Show resolved Hide resolved
@YulNaumenko YulNaumenko mentioned this pull request Jun 7, 2021
Closed
@YulNaumenko YulNaumenko requested review from ymao1 and peluja1012 June 8, 2021 21:40
@YulNaumenko YulNaumenko mentioned this pull request Jun 8, 2021
Closed
ymao1
ymao1 approved these changes Jun 9, 2021
View reviewed changes
Copy link
Contributor

@ymao1 ymao1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @YulNaumenko

pmuellr
pmuellr approved these changes Jun 10, 2021
View reviewed changes
Copy link
Member

@pmuellr pmuellr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM and works as expected

@YulNaumenko YulNaumenko merged commit e55a93c into elastic:master Jun 10, 2021
YulNaumenko added a commit to YulNaumenko/kibana that referenced this pull request Jun 10, 2021
@YulNaumenko
[Event Log] Populated rule.* ECS fields for alert events. (elastic#10…
d379f22 
…1132)

* [Event Log] Populated rule.* ECS fields for alert events.

* added mappings

* changed the params passing

* fixed tests

* fixed type checks

* used kibanaVersion for version event rule

* fixed typos

* fixed tests

* fixed tests

* fixed tests

* fixed tests

* fixed jest tests

* removed references

* removed not populated fields

* fixed tests

* fixed tests

* fixed tests
@YulNaumenko YulNaumenko mentioned this pull request Jun 10, 2021
Merged
YulNaumenko added a commit that referenced this pull request Jun 10, 2021
@YulNaumenko
[Event Log] Populated rule.* ECS fields for alert events. (#101132) (#…
c0d5412 
…101952)

* [Event Log] Populated rule.* ECS fields for alert events.

* added mappings

* changed the params passing

* fixed tests

* fixed type checks

* used kibanaVersion for version event rule

* fixed typos

* fixed tests

* fixed tests

* fixed tests

* fixed tests

* fixed jest tests

* removed references

* removed not populated fields

* fixed tests

* fixed tests

* fixed tests
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jun 14, 2021
@gmmorris
Merge branch 'master' into task-manager/capacity-estimation
4b96500 
* master: (68 commits)
  skip flaky suite (elastic#94043)
  skip flaky suite (elastic#102012)
  [esArchive] Persists updates for management/saved_objects/* (elastic#101992)
  skip flaky suite (elastic#101449)
  remove unnecessary hack (elastic#101909)
  [Exploratory View] Use human readable formats (elastic#101520)
  [Expressions] Refactor expression functions to use observables underneath (elastic#100409)
  [esArchives] Persist migrated Kibana archives (elastic#101950)
  [kbnArchiver] fix save to non-existent file (elastic#101974)
  [Enterprise Search] Add owner and description properties to kibana.json (elastic#101957)
  [DOCS] Fixes terminology in Stack Monitoring:Kibana alerts (elastic#101696)
  [Observability] [Cases] Cases in the observability app (elastic#101487)
  [Alerting][Docs] Combine rule creation and management pages (elastic#101498)
  temporarily disable build-buddy
  [Fleet] Fix fleet server collector in case settings are not set (elastic#101752)
  [Event Log] Populated rule.* ECS fields for alert events. (elastic#101132)
  [APM] Fleet support for merging input.config values with other nested properties in the policy input (elastic#101690)
  Add comments to some alerting plugin public API items (elastic#101551)
  [Alerting][Docs] Moving alerting setup to its own page (elastic#101323)
  remove uptime public API, it's not used. (elastic#101799)
  ...
This was referenced Jun 17, 2021
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ymao1 ymao1 ymao1 approved these changes

@pmuellr pmuellr pmuellr approved these changes

@peluja1012 peluja1012 Awaiting requested review from peluja1012

Assignees

@YulNaumenko YulNaumenko

Labels
Feature:Alerting Feature:EventLog release_note:skip Skip the PR/issue when compiling release notes Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v7.14.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[event log] populate rule.* ECS fields for alert events
6 participants
@YulNaumenko @elasticmachine @kibanamachine @pmuellr @peluja1012 @ymao1