-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Maps] Fix threshold alert issue resolving nested fields #83577
[Maps] Fix threshold alert issue resolving nested fields #83577
Conversation
Pinging @elastic/kibana-gis (Team:Geo) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thx for quick fix.
question wrt. test, maybe I'm missing something there though :)
@@ -38,7 +38,7 @@ export function transformResults( | |||
return _.map(subBuckets, (subBucket) => { | |||
const locationFieldResult = _.get( | |||
subBucket, | |||
`entityHits.hits.hits[0].fields.${geoField}[0]`, | |||
`entityHits.hits.hits[0].fields["${geoField}"][0]`, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
clever hack. I had no idea _.get
could work with this syntax.
...ins/stack_alerts/server/alert_types/geo_threshold/tests/es_sample_response_with_nesting.json
Outdated
Show resolved
Hide resolved
Does your fix work if the field is an object and if the field has a dot in the name? We had to handle similar problems when pulling fields out of hits for documents source. Below are the test cases we ensured worked. |
Thanks for the heads up! Did some investigation, it works with both fields using a dot, like |
@elasticmachine merge upstream |
💚 Build SucceededMetrics [docs]Distributable file count
History
To update your PR or re-run it, just comment with: |
Co-authored-by: Kibana Machine <[email protected]>
… (#83605) Co-authored-by: Kibana Machine <[email protected]> Co-authored-by: Kibana Machine <[email protected]>
…) (#83606) Co-authored-by: Kibana Machine <[email protected]>
…o-node-details * 'master' of github.com:elastic/kibana: (65 commits) update chromedriver dependency to 87 (elastic#83624) [TSVB] use new Search API for rollup search (elastic#83275) [TSVB] Y-axis has number formatting not considering all series formatters in the group (elastic#83438) [Logs UI] Update <LogStream /> internal state when its props change (elastic#83302) Add tag bulk action context menu (elastic#82816) [code coverage] adding plugin to flush coverage data (elastic#83447) [UsageCollection] Expose `KibanaRequest` to explicitly opted-in collectors (elastic#83413) Added eventBus to trigger and listen plotHandler event (elastic#83435) [Runtime fields] Editor phase 1 (elastic#81472) [Maps] Fix threshold alert issue resolving nested fields (elastic#83577) chore(NA): remove usage of unverified es snapshots (elastic#83589) [DOCS] Adds Elastic Contributor Program link (elastic#83561) Upgrade EUI to v30.2.0 (elastic#82730) Don't show loading screen during auto-reload (elastic#83376) Functional tests - fix esArchive mappings with runtime fields (elastic#83530) [deb/rpm] Create keystore after installation (elastic#76465) [rpm] Create default environment file at "/etc/sysconfig/kibana" (elastic#82144) [docker] removes workaround for missing crypto-policies-scripts subpackage (elastic#83455) [ML] Persisted URL state for the Data frame analytics jobs and models pages (elastic#83439) adds xpack.security.authc.selector.enabled setting (elastic#83551) ...
@aaronjcaldwell how do I test this please? Thanks! |
Hello @bhavyarm! Spinning up a Geo Threshold Alert environment (required to test this fix) is currently a very involved task requiring several steps outlined here. Since this functionality is still experimental, I'm not sure if it's critical for you to test or not. Happy to walk you through the steps offline if needed. We'd likely need about an hour. |
@aaronjcaldwell oh wow ok. It looks super interesting. will talk to Lee and buzz you. Thanks! |
Geo threshold alerts incorrectly handle nested
date
andgeo
fields. Since ES queries use dot notation for single keys, the following lodash usage works incorrectly for something likegeo.coordinates
:❌
entityHits.hits.hits[0].fields.${geoField}[0]
->entityHits.hits.hits[0].fields.geo.coordinates[0]
Instead, to treat the entire dot-separated field as one field, as is the case in the response, the following should be used:
✔️
entityHits.hits.hits[0].fields["${geoField}"][0]
->entityHits.hits.hits[0].fields["geo.coordinates"][0]