[Alerts][Actions][Telemetry] Fix mappings for Kibana actions and alert types telemetry.

[YulNaumenko]

1. Fixed replace '.' only if it is a first symbol of alertTypeId or actionTypeId.

{
stack_stats.kibana.plugins.alerts.count_active_by_type.xpack.uptime.alerts.monitorStatus: 1, 
stack_stats.kibana.plugins.alerts.count_active_by_type.__index-threshold: 1,
}

and

{ 
stack_stats.kibana.plugins.actions.count_active_by_type.__server-log: 1 
}

2. Added missing logic for count_active_by_type in the actions telemetry. New flow is to fetch all unique connectorIds, which are in usage in 'references.type': 'action' and then group this number by actionTypeId from the savedObject internalRepository bulkGet request by the selected connectorIds.
   Example of the actions response part in stats API request:
   https://localhost:5601/tgx/api/stats?extended=true

"actions": {
            "runs": 128,
            "count_total": 5,
            "count_by_type": {
                "slack": 1,
                "teams": 1,
                "server_log": 2,
                "index": 1
            },
            "count_active_total": 2,
            "count_active_by_type": {
                "slack": 1,
                "server_log": 1
            }
        },

[elasticmachine]

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

[pmuellr]

Left a comment about creating a single function to do the . -> __ mapping.

Also, I'm curious why we changed this so that only the first . is changed. Was there a problem with other ones, eg, with xpack.uptime.alerts.monitorStatus? I'm not sure how our data is ingested into the telemetry indices, but will having an "internal ." be a problem for those property names, for how telemetry might query for them?

[pmuellr]

Since this code is the same as on line 65, I think we should reorganize it into a single function in this module, that's called in both places.

[YulNaumenko]

The reason why we need this replacement of the first symbol '.' is from this issue

"reason" : "object field starting or ending with a [.] makes object resolution ambiguous: [.webhook]"
"reason" : "object field starting or ending with a [.] makes object resolution ambiguous: [.index-threshold]"
"reason" : "object field starting or ending with a [.] makes object resolution ambiguous: [.server-log]"

and commented here. I agree that we should have a single method for doing this.

[YulNaumenko]

I think that we should add handling for end symbol '.' as well.

[YulNaumenko]

If there are no first symbol '.', easier to keep the original alertTypeId and actionTypeId which are easier to identify. So I think we should keep only replacements which are required.

[pmuellr]

cool, thx.

I'd guess we won't see any types that end with ., but I guess it could cause problems if we are doing "text/keyword" multi-fields (eg, where you would append .keyword to the field), so probably makes sense to process a trailing . as well. Just in case :-)

[gmmorris]

@elasticmachine merge upstream

[ymao1]

LGTM! Just a nit about tests.

[ymao1]

Maybe add another type that ends with a . to test that it gets stripped?

[ymao1]

Same comment as above...should we add a type that ends in a . to test that it gets stripped?

[YulNaumenko]

jenkins retest this please

[kibanamachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: 363ec43

Metrics [docs]

✅ unchanged

History

• 💔 Build #101351 failed 363ec43
• 💛 Build #101025 was flaky f6d8792
• 💚 Build #100995 succeeded 56f9116
• 💚 Build #100546 succeeded 0cca278
• 💚 Build #100490 succeeded 440c8f0

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[pmuellr]

LGTM