[ResponseOps] Add pagination and sorting to the alerts search strategy #126813

chrisronline · 2022-03-03T16:34:17Z

This PR adds the ability to sort and paginate the recently introduced search strategy.

Testing

I've been testing this by using Filebeat) and configure it to start ingesting the Elasticsearch server log:

cbr-mbp:filebeat chris$ ./filebeat modules list
Enabled:
elasticsearch

Disabled:

cbr-mbp:filebeat chris$ cat modules.d/elasticsearch.yml 
# Module: elasticsearch
# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-elasticsearch.html

- module: elasticsearch
  # Server log
  server:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths:
      - /Users/chris/dev/repos/kibana/.es/8*/logs/elasticsearch_server.log
      - /Users/chris/dev/repos/kibana/.es/source/logs/elasticsearch_server.log

Start Filebeat and visit the Logs UI to ensure the data is coming in.

Then, go to the rules for security solutions:

and create a custom rule that looks like:

Let the rule run for a few seconds and verify alerts are showing up:

Then, use curl or some tool to send a POST request to Kibana like:

POST https://localhost:5601/internal/bsearch

{
	"batch": [
		{
			"request": {
				"featureIds": [
					"siem"
				],
				"pagination": {
					"pageIndex": 0,
					"pageSize": 2
				},
				"sort": [
					{
						"id": "kibana.alert.rule.created_at",
						"direction": "asc"
					}
				]
			},
			"options": {
				"strategy": "ruleRegistryAlertsSearchStrategy"
			}
		}
	]
}

Using this setup, you should be able to verify the functionality is working as intended.

elasticmachine · 2022-03-03T16:34:20Z

Pinging @elastic/response-ops (Team:ResponseOps)

…rategy_pagination_sorting

XavierM · 2022-03-08T21:41:49Z

x-pack/plugins/rule_registry/common/search_strategy/index.ts

+  pageSize: number;
+}
+
+export interface RuleRegistrySearchRequestSort {


I think we should just use the estypes.Sort type from import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';

JiaweiWu · 2022-03-08T22:17:05Z

x-pack/plugins/rule_registry/server/search_strategy/search_strategy.ts

+                  },
+                };
+              })
+            : {};


super small nitpick: should we try to be consistent with the types? (array)

JiaweiWu

LGTM!

…rategy_pagination_sorting

Zacqary

LGTM just a question about the tests.

Not sure if it makes sense to also test for paginating from index 0? Probably fine without it, but it might make the API clearer to indicate in the test files that it can start at 0.

x-pack/plugins/rule_registry/server/search_strategy/search_strategy.test.ts

…rategy_pagination_sorting

kibana-ci · 2022-03-09T22:22:37Z

💚 Build Succeeded

Metrics [docs]

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

id	before	after	diff
`kibana`	301	302	+1
`ruleRegistry`	7	8	+1
total			+2

History

💔 Build #28978 failed 6174233
💛 Build #28853 was flaky be5cea8
💚 Build #28410 succeeded 84bbe3f
💚 Build #28155 succeeded fcd67f6
💚 Build #27431 succeeded 3af172d

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @chrisronline

…move-pdf-generation-to-screenshotting * 'main' of github.com:elastic/kibana: (62 commits) [Lens] Drop partial buckets option (elastic#127153) chore(NA): remove unused translation xpack.ml.management.jobsSpacesList.objectNoun from fr-FR (elastic#127457) Add data to user details page (elastic#127019) [Fleet] Make upload and registry package info consistent (elastic#126915) [Reporting] Capture browser errors (elastic#127135) Initial readme commit with some stub articles (elastic#127420) skip flaky suite (elastic#121482) skip flaky suite (elastic#127416) Tests to ensure Kibana is handling multi-space import of saved objects correctly (elastic#127229) [Aggs] remove toAngularJson (elastic#127267) [i18n] Integrate 8.2.0 Translations (elastic#127309) [Security Solution] [Endpoint] Creates generic policy tab artifact component to be used for all of our artifacts (elastic#126685) [Kibana React] Fix Page Template `solutionNav` propagation (elastic#127140) [Cases] Export getRelatedCases API from cases client (elastic#127065) [Cloud Posture]add support for sorting benchmark page (elastic#126983) [User experience] Fix filters for the app (elastic#127295) [Fleet] Fix timeserie dimension mapping (elastic#127328) [data view mgmt] fix data view name wrap (elastic#127319) [kbn/optimizer] extract string diffing logic (elastic#127394) [ResponseOps] Add pagination and sorting to the alerts search strategy (elastic#126813) ... # Conflicts: # x-pack/plugins/screenshotting/common/errors.ts # x-pack/plugins/screenshotting/common/index.ts # x-pack/plugins/screenshotting/server/screenshots/observable.ts

kibanamachine · 2022-03-11T22:56:18Z