From 764b8c699220ae94efff0d448d36d5adb79dc313 Mon Sep 17 00:00:00 2001 From: Maryam Saeidi Date: Tue, 23 Jul 2024 14:14:59 +0200 Subject: [PATCH 1/7] Add ECS group fields to AAD for the metric threshold rule --- package.json | 1 + tsconfig.base.json | 2 + .../alerting_rule_utils/README.md | 5 ++ .../alerting_rule_utils/index.ts} | 5 +- .../alerting_rule_utils/jest.config.js | 12 +++++ .../alerting_rule_utils/kibana.jsonc | 5 ++ .../alerting_rule_utils/package.json | 7 +++ .../src}/get_ecs_groups.test.ts | 0 .../src}/get_ecs_groups.ts | 6 ++- .../alerting_rule_utils/tsconfig.json | 17 +++++++ .../metric_threshold_executor.test.ts | 7 ++- .../metric_threshold_executor.ts | 11 +++-- .../custom_threshold_executor.test.ts | 19 -------- .../custom_threshold_executor.ts | 3 +- .../lib/rules/custom_threshold/utils.ts | 2 +- .../custom_threshold_rule/group_by_fired.ts | 47 ++++++++++--------- yarn.lock | 4 ++ 17 files changed, 98 insertions(+), 55 deletions(-) create mode 100644 x-pack/packages/observability/alerting_rule_utils/README.md rename x-pack/{plugins/observability_solution/infra/common/alerting/types.ts => packages/observability/alerting_rule_utils/index.ts} (79%) create mode 100644 x-pack/packages/observability/alerting_rule_utils/jest.config.js create mode 100644 x-pack/packages/observability/alerting_rule_utils/kibana.jsonc create mode 100644 x-pack/packages/observability/alerting_rule_utils/package.json rename x-pack/{plugins/observability_solution/observability/server/lib/rules/custom_threshold/lib => packages/observability/alerting_rule_utils/src}/get_ecs_groups.test.ts (100%) rename x-pack/{plugins/observability_solution/observability/server/lib/rules/custom_threshold/lib => packages/observability/alerting_rule_utils/src}/get_ecs_groups.ts (93%) create mode 100644 x-pack/packages/observability/alerting_rule_utils/tsconfig.json diff --git a/package.json b/package.json index 3d204cf5bae76c..b097b9ce2a8fbe 100644 --- a/package.json +++ b/package.json 
@@ -643,6 +643,7 @@ "@kbn/observability-ai-assistant-management-plugin": "link:x-pack/plugins/observability_solution/observability_ai_assistant_management", "@kbn/observability-ai-assistant-plugin": "link:x-pack/plugins/observability_solution/observability_ai_assistant", "@kbn/observability-alert-details": "link:x-pack/packages/observability/alert_details", + "@kbn/observability-alerting-rule-utils": "link:x-pack/packages/observability/alerting_rule_utils", "@kbn/observability-alerting-test-data": "link:x-pack/packages/observability/alerting_test_data", "@kbn/observability-fixtures-plugin": "link:x-pack/test/cases_api_integration/common/plugins/observability", "@kbn/observability-get-padded-alert-time-range-util": "link:x-pack/packages/observability/get_padded_alert_time_range_util", diff --git a/tsconfig.base.json b/tsconfig.base.json index ab36ec64b49628..60b7e6ff880167 100644 --- a/tsconfig.base.json +++ b/tsconfig.base.json @@ -1226,6 +1226,8 @@ "@kbn/observability-ai-assistant-plugin/*": ["x-pack/plugins/observability_solution/observability_ai_assistant/*"], "@kbn/observability-alert-details": ["x-pack/packages/observability/alert_details"], "@kbn/observability-alert-details/*": ["x-pack/packages/observability/alert_details/*"], + "@kbn/observability-alerting-rule-utils": ["x-pack/packages/observability/alerting_rule_utils"], + "@kbn/observability-alerting-rule-utils/*": ["x-pack/packages/observability/alerting_rule_utils/*"], "@kbn/observability-alerting-test-data": ["x-pack/packages/observability/alerting_test_data"], "@kbn/observability-alerting-test-data/*": ["x-pack/packages/observability/alerting_test_data/*"], "@kbn/observability-fixtures-plugin": ["x-pack/test/cases_api_integration/common/plugins/observability"], diff --git a/x-pack/packages/observability/alerting_rule_utils/README.md b/x-pack/packages/observability/alerting_rule_utils/README.md new file mode 100644 index 00000000000000..32d61e64e2b6c6 --- /dev/null 
+++ b/x-pack/packages/observability/alerting_rule_utils/README.md @@ -0,0 +1,5 @@ +# @kbn/alerting-rule-utils + +Utilities shared between observability alerting rules + +- getEcsGroups: By passing the group by fields to this function, it will return fields that exist in ECS mapping with keyword type diff --git a/x-pack/plugins/observability_solution/infra/common/alerting/types.ts b/x-pack/packages/observability/alerting_rule_utils/index.ts similarity index 79% rename from x-pack/plugins/observability_solution/infra/common/alerting/types.ts rename to x-pack/packages/observability/alerting_rule_utils/index.ts index 97ccd8a339854a..5fa4b1c59c4344 100644 --- a/x-pack/plugins/observability_solution/infra/common/alerting/types.ts +++ b/x-pack/packages/observability/alerting_rule_utils/index.ts @@ -5,7 +5,4 @@ * 2.0. */ -export interface Group { - field: string; - value: string; -} +export { getEcsGroups, type Group } from './src/get_ecs_groups'; diff --git a/x-pack/packages/observability/alerting_rule_utils/jest.config.js b/x-pack/packages/observability/alerting_rule_utils/jest.config.js new file mode 100644 index 00000000000000..605fe2b4fcdcf7 --- /dev/null +++ b/x-pack/packages/observability/alerting_rule_utils/jest.config.js @@ -0,0 +1,12 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +module.exports = { + preset: '@kbn/test', + rootDir: '../../../..', + roots: ['/x-pack/packages/observability/alerting_rule_utils'], +}; diff --git a/x-pack/packages/observability/alerting_rule_utils/kibana.jsonc b/x-pack/packages/observability/alerting_rule_utils/kibana.jsonc new file mode 100644 index 00000000000000..b1b3646302d1e8 --- /dev/null +++ b/x-pack/packages/observability/alerting_rule_utils/kibana.jsonc 
@@ -0,0 +1,5 @@
+{
+ "type": "shared-common",
+ "id": "@kbn/observability-alerting-rule-utils",
+ "owner": "@elastic/obs-ux-management-team"
+}
diff --git a/x-pack/packages/observability/alerting_rule_utils/package.json b/x-pack/packages/observability/alerting_rule_utils/package.json
new file mode 100644
index 00000000000000..1c08024e828ede
--- /dev/null
+++ b/x-pack/packages/observability/alerting_rule_utils/package.json
@@ -0,0 +1,7 @@
+{
+ "name": "@kbn/observability-alerting-rule-utils",
+ "descriptio": "Utilities shared between observability alerting rules",
+ "private": true,
+ "version": "1.0.0",
+ "license": "Elastic License 2.0"
+}
\ No newline at end of file
diff --git a/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/lib/get_ecs_groups.test.ts b/x-pack/packages/observability/alerting_rule_utils/src/get_ecs_groups.test.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/lib/get_ecs_groups.test.ts
rename to x-pack/packages/observability/alerting_rule_utils/src/get_ecs_groups.test.ts
diff --git a/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/lib/get_ecs_groups.ts b/x-pack/packages/observability/alerting_rule_utils/src/get_ecs_groups.ts
similarity index 93%
rename from x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/lib/get_ecs_groups.ts
rename to x-pack/packages/observability/alerting_rule_utils/src/get_ecs_groups.ts
index bbaf20e6194b70..7c24ae9deb7236 100644
--- a/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/lib/get_ecs_groups.ts
+++ b/x-pack/packages/observability/alerting_rule_utils/src/get_ecs_groups.ts
@@ -6,7 +6,11 @@ */ import { ecsFieldMap } from '@kbn/alerts-as-data-utils'; -import { Group } from '../../../../../common/typings'; + +export interface Group { + field: string; + value: string; +} export const getEcsGroups = (groups: Group[] = []): Record => { const ecsGroups = groups.filter((group) => { diff --git a/x-pack/packages/observability/alerting_rule_utils/tsconfig.json b/x-pack/packages/observability/alerting_rule_utils/tsconfig.json new file mode 100644 index 00000000000000..0d78dace105e1d --- /dev/null +++ b/x-pack/packages/observability/alerting_rule_utils/tsconfig.json @@ -0,0 +1,17 @@ +{ + "extends": "../../../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types", + "types": [ + "jest", + "node" + ] + }, + "include": [ + "**/*.ts", + ], + "exclude": [ + "target/**/*" + ], + "kbn_references": [] +} diff --git a/x-pack/plugins/observability_solution/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.test.ts b/x-pack/plugins/observability_solution/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.test.ts index d95a24478a6ff9..9b562e3d491432 100644 --- a/x-pack/plugins/observability_solution/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.test.ts +++ b/x-pack/plugins/observability_solution/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.test.ts @@ -30,7 +30,7 @@ import { ALERT_REASON, ALERT_GROUP, } from '@kbn/rule-data-utils'; -import { Group } from '../../../../common/alerting/types'; +import { type Group } from '@kbn/observability-alerting-rule-utils'; jest.mock('./lib/evaluate_rule', () => ({ evaluateRule: jest.fn() })); @@ -959,6 +959,7 @@ describe('The metric threshold rule type', () => { tags: ['host-01_tag1', 'host-01_tag2', 'ruleTag1', 'ruleTag2'], groupByKeys: { host: { name: alertIdA } }, group: [{ field: 'host.name', value: alertIdA }], + ecsGroups: { 'host.name': alertIdA }, }); testAlertReported(2, { id: alertIdB, 
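Review bot: `Group` and `getEcsGroups` in `get_ecs_groups.ts` are now the public surface of a shared package, but the moved file has no TSDoc on either export. A block above `getEcsGroups` should state the contract the README gives: only group-by fields that exist in the ECS mapping with keyword type are returned, keyed by field name, and the `groups` parameter defaults to an empty array. `Group` would benefit from a one-line comment such as `/** A group-by field name and the bucket value the alert was raised for. */`. The body of `getEcsGroups` continues outside this hunk, so the filter itself could not be reviewed here.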
@@ -971,6 +972,7 @@ describe('The metric threshold rule type', () => { tags: ['host-02_tag1', 'host-02_tag2', 'ruleTag1', 'ruleTag2'], groupByKeys: { host: { name: alertIdB } }, group: [{ field: 'host.name', value: alertIdB }], + ecsGroups: { 'host.name': alertIdB }, }); }); }); @@ -2333,6 +2335,7 @@ describe('The metric threshold rule type', () => { conditions, reason, tags, + ecsGroups, }: { id: string; actionGroup: string; @@ -2348,6 +2351,7 @@ describe('The metric threshold rule type', () => { reason: string; tags?: string[]; group?: Group[]; + ecsGroups?: Record; } ) { expect(services.alertsClient.report).toHaveBeenNthCalledWith(index, { @@ -2416,6 +2420,7 @@ describe('The metric threshold rule type', () => { : {}), [ALERT_REASON]: reason, ...(tags ? { tags } : {}), + ...(ecsGroups ? ecsGroups : {}), }, }); } diff --git a/x-pack/plugins/observability_solution/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.ts b/x-pack/plugins/observability_solution/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.ts index f05c98d6cc2221..4c0a19ae2e5128 100644 --- a/x-pack/plugins/observability_solution/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.ts +++ b/x-pack/plugins/observability_solution/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.ts @@ -23,6 +23,7 @@ import { AlertsClientError, RuleExecutorOptions, RuleTypeState } from '@kbn/aler import { TimeUnitChar, getAlertUrl } from '@kbn/observability-plugin/common'; import { ObservabilityMetricsAlert } from '@kbn/alerts-as-data-utils'; import { COMPARATORS } from '@kbn/alerting-comparators'; +import { getEcsGroups, type Group } from '@kbn/observability-alerting-rule-utils'; import { convertToBuiltInComparators } from '@kbn/observability-plugin/common/utils/convert_legacy_outside_comparator'; import { getOriginalActionGroup } from '../../../utils/get_original_action_group'; import { AlertStates } from '../../../../common/alerting/metrics'; 
@@ -52,15 +53,15 @@ import { getEvaluationValues, getThresholds } from '../common/get_values'; import { EvaluatedRuleParams, evaluateRule, Evaluation } from './lib/evaluate_rule'; import { MissingGroupsRecord } from './lib/check_missing_group'; import { convertStringsToMissingGroupsRecord } from './lib/convert_strings_to_missing_groups_record'; -import { Group } from '../../../../common/alerting/types'; export type MetricThresholdAlert = Omit< ObservabilityMetricsAlert, - 'kibana.alert.evaluation.values' + 'kibana.alert.evaluation.values' | 'kibana.alert.evaluation.threshold' | 'kibana.alert.group' > & { // Defining a custom type for this because the schema generation script doesn't allow explicit null values [ALERT_EVALUATION_VALUES]?: Array; [ALERT_EVALUATION_THRESHOLD]?: Array; + [ALERT_GROUP]?: Group[]; }; export type MetricThresholdRuleParams = Record; @@ -94,7 +95,7 @@ type MetricThresholdAlertReporter = (params: { context: MetricThresholdAlertContext; additionalContext?: AdditionalContext | null; evaluationValues?: Array; - groups?: object[]; + groups?: Group[]; thresholds?: Array; }) => void; @@ -149,7 +150,6 @@ export const createMetricThresholdExecutor = id, actionGroup, }); - const groupsPayload = typeof groups !== 'undefined' ? { [ALERT_GROUP]: groups } : {}; alertsClient.setAlertData({ id, @@ -157,8 +157,9 @@ export const createMetricThresholdExecutor = [ALERT_REASON]: reason, [ALERT_EVALUATION_VALUES]: evaluationValues, [ALERT_EVALUATION_THRESHOLD]: thresholds, - ...groupsPayload, + [ALERT_GROUP]: groups, ...flattenAdditionalContext(additionalContext), + ...getEcsGroups(groups), }, context: { ...contextWithoutAlertDetailsUrl, diff --git a/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/custom_threshold_executor.test.ts b/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/custom_threshold_executor.test.ts index f28469c497a3a2..6445ae46d2b97d 100644 
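Review bot: In the `alertsClient.setAlertData` payload, `...getEcsGroups(groups)` is spread last, so a group-by value silently replaces any same-named key produced by `flattenAdditionalContext(additionalContext)` or set earlier in the payload. Both sources are derived from the monitored documents, and this ordering decides which value lands in the alert document that responders rely on. Either state the precedence with a comment such as `// ECS group fields intentionally win over additional context`, or move the spread above `flattenAdditionalContext` if the opposite is intended. The filter inside `getEcsGroups` is not visible in this patch, so it is worth confirming it cannot emit fields the alerting framework sets itself (the integration test on this page asserts `event.kind` and `event.action`). The same hunk now writes `[ALERT_GROUP]: groups` unconditionally, leaving the key present with `undefined` when no group-by is configured; the enclosing function starts and ends outside the hunk.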
--- a/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/custom_threshold_executor.test.ts +++ b/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/custom_threshold_executor.test.ts @@ -1622,25 +1622,6 @@ describe('The custom threshold alert type', () => { }); await execute(COMPARATORS.GREATER_THAN, [0.9]); const ISO_DATE_REGEX = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z$/; - expect(services.alertsClient.setAlertData).toBeCalledTimes(1); - expect(services.alertsClient.setAlertData).toBeCalledWith({ - context: { - alertDetailsUrl: 'http://localhost:5601/app/observability/alerts/mockedUuid', - viewInAppUrl: 'mockedViewInApp', - group: [ - { - field: 'host.name', - value: 'host-0', - }, - ], - host: { - name: 'host-0', - }, - timestamp: expect.stringMatching(ISO_DATE_REGEX), - }, - id: 'host-0', - 'host.name': 'host-0', - }); expect(getViewInAppUrl).toBeCalledTimes(1); expect(getViewInAppUrl).toBeCalledWith({ dataViewId: 'c34a7c79-a88b-4b4a-ad19-72f6d24104e4', diff --git a/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/custom_threshold_executor.ts b/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/custom_threshold_executor.ts index bbb9990c9d7690..6578b91bf89c91 100644 --- a/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/custom_threshold_executor.ts +++ b/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/custom_threshold_executor.ts 
@@ -17,11 +17,11 @@ import { LocatorPublic } from '@kbn/share-plugin/common'; import { RecoveredActionGroup } from '@kbn/alerting-plugin/common'; import { IBasePath, Logger } from '@kbn/core/server'; import { AlertsClientError, RuleExecutorOptions } from '@kbn/alerting-plugin/server'; +import { getEcsGroups } from '@kbn/observability-alerting-rule-utils'; import { getEvaluationValues, getThreshold } from './lib/get_values'; import { AlertsLocatorParams, getAlertDetailsUrl } from '../../../../common'; import { getViewInAppUrl } from '../../../../common/custom_threshold_rule/get_view_in_app_url'; import { ObservabilityConfig } from '../../..'; -import { getEcsGroups } from './lib/get_ecs_groups'; import { FIRED_ACTIONS_ID, NO_DATA_ACTIONS_ID, UNGROUPED_FACTORY_KEY } from './constants'; import { AlertStates, @@ -323,7 +323,6 @@ export const createCustomThresholdExecutor = ({ alertsClient.setAlertData({ id: recoveredAlertId, context, - ...getEcsGroups(group), }); } diff --git a/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/utils.ts b/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/utils.ts index c80a003c050e07..906c8a8a9f0a5d 100644 --- a/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/utils.ts +++ b/x-pack/plugins/observability_solution/observability/server/lib/rules/custom_threshold/utils.ts @@ -167,7 +167,7 @@ export const hasAdditionalContext = ( ): boolean => { return groupBy ? Array.isArray(groupBy) - ? groupBy.every((group) => validGroups.includes(group)) + ? groupBy.some((group) => validGroups.includes(group)) : validGroups.includes(groupBy) : false; }; diff --git a/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/group_by_fired.ts b/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/group_by_fired.ts index fcb5fac564df45..94e1d8de9ae38f 100644 
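Review bot: The change from `groupBy.every(...)` to `groupBy.some(...)` in `hasAdditionalContext` loosens the check, but this patch adds no unit test and no comment explaining the new rule. With `some`, the function returns true as soon as one group-by field is in `validGroups`, even when the others (for example `_index` in the updated integration test) are not. Presumably that is what lets mixed group-by lists still be enriched, but it should be pinned down. A comment such as `// one supported group field is enough to enrich the alert` and a unit case with a mixed `groupBy` array would do it. The signature of `hasAdditionalContext` begins outside the hunk.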
--- a/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/group_by_fired.ts +++ b/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/group_by_fired.ts @@ -136,7 +136,7 @@ export default function ({ getService }: FtrProviderContext) { }, index: DATA_VIEW_ID, }, - groupBy: ['host.name', 'container.id'], + groupBy: ['host.name', 'container.id', 'event.dataset', '_index'], }, actions: [ { @@ -209,10 +209,9 @@ export default function ({ getService }: FtrProviderContext) { 'custom_threshold.fired' ); expect(resp.hits.hits[0]._source).property('tags').contain('observability'); - expect(resp.hits.hits[0]._source).property( - 'kibana.alert.instance.id', - 'host-0,container-0' - ); + expect(resp.hits.hits[0]._source) + .property('kibana.alert.instance.id') + .contain('host-0,container-0,system.cpu,kbn-data-forge-fake_hosts.fake_hosts'); expect(resp.hits.hits[0]._source).property('kibana.alert.workflow_status', 'open'); expect(resp.hits.hits[0]._source).property('event.kind', 'signal'); expect(resp.hits.hits[0]._source).property('event.action', 'open'); 
@@ -223,20 +222,24 @@ export default function ({ getService }: FtrProviderContext) { .eql(['00-00-5E-00-53-23', '00-00-5E-00-53-24']); expect(resp.hits.hits[0]._source).property('container.id', 'container-0'); expect(resp.hits.hits[0]._source).property('container.name', 'container-name'); + expect(resp.hits.hits[0]._source).property('event.dataset', 'system.cpu'); expect(resp.hits.hits[0]._source).not.property('container.cpu'); - expect(resp.hits.hits[0]._source) - .property('kibana.alert.group') - .eql([ - { - field: 'host.name', - value: 'host-0', - }, - { - field: 'container.id', - value: 'container-0', - }, - ]); + expect(resp.hits.hits[0]._source['kibana.alert.group'][0]).eql({ + field: 'host.name', + value: 'host-0', + }); + expect(resp.hits.hits[0]._source['kibana.alert.group'][1]).eql({ + field: 'container.id', + value: 'container-0', + }); + expect(resp.hits.hits[0]._source['kibana.alert.group'][2]).eql({ + field: 'event.dataset', + value: 'system.cpu', + }); + expect(resp.hits.hits[0]._source['kibana.alert.group'][3].value).contain( + 'kbn-data-forge-fake_hosts.fake_hosts' + ); expect(resp.hits.hits[0]._source).property('kibana.alert.evaluation.threshold').eql([0.2]); expect(resp.hits.hits[0]._source) .property('kibana.alert.rule.parameters') @@ -253,7 +256,7 @@ export default function ({ getService }: FtrProviderContext) { alertOnNoData: true, alertOnGroupDisappear: true, searchConfiguration: { index: 'data-view-id', query: { query: '', language: 'kuery' } }, - groupBy: ['host.name', 'container.id'], + groupBy: ['host.name', 'container.id', 'event.dataset', '_index'], }); }); 
@@ -269,15 +272,15 @@ export default function ({ getService }: FtrProviderContext) { expect(resp.hits.hits[0]._source?.alertDetailsUrl).eql( `https://localhost:5601/app/observability/alerts/${alertId}` ); - expect(resp.hits.hits[0]._source?.reason).eql( - `Average system.cpu.total.norm.pct is 80%, above or equal the threshold of 20%. (duration: 1 min, data view: ${DATA_VIEW}, group: host-0,container-0)` + expect(resp.hits.hits[0]._source?.reason).contain( + `Average system.cpu.total.norm.pct is 80%, above or equal the threshold of 20%. (duration: 1 min, data view: ${DATA_VIEW}, group: host-0,container-0,system.cpu,kbn-data-forge-fake_hosts.fake_hosts` ); expect(resp.hits.hits[0]._source?.value).eql('80%'); expect(resp.hits.hits[0]._source?.host).eql( '{"name":"host-0","mac":["00-00-5E-00-53-23","00-00-5E-00-53-24"]}' ); - expect(resp.hits.hits[0]._source?.group).eql( - '{"field":"host.name","value":"host-0"},{"field":"container.id","value":"container-0"}' + expect(resp.hits.hits[0]._source?.group).contain( + '{"field":"host.name","value":"host-0"},{"field":"container.id","value":"container-0"},{"field":"event.dataset","value":"system.cpu"},{"field":"_index","value":"kbn-data-forge-fake_hosts.fake_hosts' ); }); }); diff --git a/yarn.lock b/yarn.lock index 8920fc52b086a9..806c06bc7349dd 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5702,6 +5702,10 @@ version "0.0.0" uid "" +"@kbn/observability-alerting-rule-utils@link:x-pack/packages/observability/alerting_rule_utils": + version "0.0.0" + uid "" + "@kbn/observability-alerting-test-data@link:x-pack/packages/observability/alerting_test_data": version "0.0.0" uid "" From 8aa227a07a8b27764ccc5d67968cb9785349ffdb Mon Sep 17 00:00:00 2001 From: Maryam Saeidi Date: Tue, 23 Jul 2024 14:19:45 +0200 Subject: [PATCH 2/7] Fix import --- .../infra/server/lib/alerting/common/utils.ts | 2 +- .../server/lib/alerting/log_threshold/log_threshold_executor.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/x-pack/plugins/observability_solution/infra/server/lib/alerting/common/utils.ts b/x-pack/plugins/observability_solution/infra/server/lib/alerting/common/utils.ts index edfb50df0a788f..0de0a5a0797b47 100644 --- a/x-pack/plugins/observability_solution/infra/server/lib/alerting/common/utils.ts +++ b/x-pack/plugins/observability_solution/infra/server/lib/alerting/common/utils.ts @@ -19,6 +19,7 @@ import { import { ES_FIELD_TYPES } from '@kbn/field-types'; import { set } from '@kbn/safer-lodash-set'; import { Alert } from '@kbn/alerts-as-data-utils'; +import { type Group } from '@kbn/observability-alerting-rule-utils'; import { ParsedExperimentalFields } from '@kbn/rule-registry-plugin/common/parse_experimental_fields'; import { getInventoryViewInAppUrl, @@ -28,7 +29,6 @@ import { AlertExecutionDetails, InventoryMetricConditions, } from '../../../../common/alerting/metrics/types'; -import { Group } from '../../../../common/alerting/types'; const ALERT_CONTEXT_CONTAINER = 'container'; const ALERT_CONTEXT_ORCHESTRATOR = 'orchestrator'; diff --git a/x-pack/plugins/observability_solution/infra/server/lib/alerting/log_threshold/log_threshold_executor.ts b/x-pack/plugins/observability_solution/infra/server/lib/alerting/log_threshold/log_threshold_executor.ts index b742c3f139297a..a5a4a07710fdb0 100644 --- a/x-pack/plugins/observability_solution/infra/server/lib/alerting/log_threshold/log_threshold_executor.ts +++ b/x-pack/plugins/observability_solution/infra/server/lib/alerting/log_threshold/log_threshold_executor.ts @@ -31,6 +31,7 @@ import { PublicAlertsClient, RecoveredAlertData, } from '@kbn/alerting-plugin/server/alerts_client/types'; +import { type Group } from '@kbn/observability-alerting-rule-utils'; import { ecsFieldMap } from '@kbn/rule-registry-plugin/common/assets/field_maps/ecs_field_map'; import { decodeOrThrow } from '@kbn/io-ts-utils'; 
@@ -77,7 +78,6 @@ import { LogThresholdRuleTypeParams, positiveComparators, } from '../../../../common/alerting/logs/log_threshold/query_helpers'; -import { Group } from '../../../../common/alerting/types'; export type LogThresholdActionGroups = ActionGroupIdsOf; export type LogThresholdRuleTypeState = RuleTypeState; // no specific state used From 62e321db0b61e474f9bea96644f9beff12e36275 Mon Sep 17 00:00:00 2001 From: Maryam Saeidi Date: Tue, 23 Jul 2024 15:55:06 +0200 Subject: [PATCH 3/7] Fix types --- x-pack/packages/observability/alerting_rule_utils/index.ts | 3 ++- .../packages/observability/alerting_rule_utils/package.json | 2 +- .../packages/observability/alerting_rule_utils/tsconfig.json | 4 +++- x-pack/plugins/observability_solution/infra/tsconfig.json | 1 + 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/x-pack/packages/observability/alerting_rule_utils/index.ts b/x-pack/packages/observability/alerting_rule_utils/index.ts index 5fa4b1c59c4344..9f98f5a2b10fb9 100644 --- a/x-pack/packages/observability/alerting_rule_utils/index.ts +++ b/x-pack/packages/observability/alerting_rule_utils/index.ts @@ -5,4 +5,5 @@ * 2.0. */ -export { getEcsGroups, type Group } from './src/get_ecs_groups'; +export { getEcsGroups } from './src/get_ecs_groups'; +export type { Group } from './src/get_ecs_groups'; diff --git a/x-pack/packages/observability/alerting_rule_utils/package.json b/x-pack/packages/observability/alerting_rule_utils/package.json index 1c08024e828ede..054cf1655bd852 100644 --- a/x-pack/packages/observability/alerting_rule_utils/package.json +++ b/x-pack/packages/observability/alerting_rule_utils/package.json @@ -1,6 +1,6 @@ { "name": "@kbn/observability-alerting-rule-utils", - "descriptio": "Utilities shared between observability alerting rules", + "description": "Utils shared between observability alerting rules", "private": true, "version": "1.0.0", "license": "Elastic License 2.0" 
diff --git a/x-pack/packages/observability/alerting_rule_utils/tsconfig.json b/x-pack/packages/observability/alerting_rule_utils/tsconfig.json index 0d78dace105e1d..baf441402ea8c1 100644 --- a/x-pack/packages/observability/alerting_rule_utils/tsconfig.json +++ b/x-pack/packages/observability/alerting_rule_utils/tsconfig.json @@ -13,5 +13,7 @@ "exclude": [ "target/**/*" ], - "kbn_references": [] + "kbn_references": [ + "@kbn/alerts-as-data-utils" + ] } diff --git a/x-pack/plugins/observability_solution/infra/tsconfig.json b/x-pack/plugins/observability_solution/infra/tsconfig.json index f23c9f7b30c349..39d6ef203cce2e 100644 --- a/x-pack/plugins/observability_solution/infra/tsconfig.json +++ b/x-pack/plugins/observability_solution/infra/tsconfig.json @@ -102,6 +102,7 @@ "@kbn/router-utils", "@kbn/react-kibana-context-render", "@kbn/react-kibana-context-theme", + "@kbn/observability-alerting-rule-utils", "@kbn/presentation-publishing", "@kbn/presentation-containers", "@kbn/deeplinks-observability", From a3d21846feb80a7ccab0121323beae01b0928378 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Tue, 23 Jul 2024 15:41:24 +0000 Subject: [PATCH 4/7] [CI] Auto-commit changed files from 'node scripts/lint_ts_projects --fix' --- .../plugins/observability_solution/observability/tsconfig.json | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/plugins/observability_solution/observability/tsconfig.json b/x-pack/plugins/observability_solution/observability/tsconfig.json index 7432602b54c43f..c6e6dcbffeec86 100644 --- a/x-pack/plugins/observability_solution/observability/tsconfig.json +++ b/x-pack/plugins/observability_solution/observability/tsconfig.json @@ -108,6 +108,7 @@ "@kbn/event-annotation-components", "@kbn/slo-schema", "@kbn/license-management-plugin", + "@kbn/observability-alerting-rule-utils", ], "exclude": [ "target/**/*" From 828296529c9a51f1ad2ea18e1450e51ffa7eec68 Mon Sep 17 00:00:00 2001 
From: Maryam Saeidi Date: Tue, 23 Jul 2024 18:24:53 +0200 Subject: [PATCH 5/7] Fix type --- .../inventory_metric_threshold_executor.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/observability_solution/infra/server/lib/alerting/inventory_metric_threshold/inventory_metric_threshold_executor.ts b/x-pack/plugins/observability_solution/infra/server/lib/alerting/inventory_metric_threshold/inventory_metric_threshold_executor.ts index ad1056b65f0cc4..94879de3f8070c 100644 --- a/x-pack/plugins/observability_solution/infra/server/lib/alerting/inventory_metric_threshold/inventory_metric_threshold_executor.ts +++ b/x-pack/plugins/observability_solution/infra/server/lib/alerting/inventory_metric_threshold/inventory_metric_threshold_executor.ts @@ -6,10 +6,12 @@ */ import { i18n } from '@kbn/i18n'; +import { Group } from '@kbn/observability-alerting-rule-utils'; import { ALERT_REASON, ALERT_EVALUATION_VALUES, ALERT_EVALUATION_THRESHOLD, + ALERT_GROUP, } from '@kbn/rule-data-utils'; import { first, get } from 'lodash'; import { @@ -64,11 +66,12 @@ export type InventoryMetricThresholdAlertContext = AlertContext; // no specific export type InventoryMetricThresholdAlert = Omit< ObservabilityMetricsAlert, - 'kibana.alert.evaluation.values' | 'kibana.alert.evaluation.threshold' + 'kibana.alert.evaluation.values' | 'kibana.alert.evaluation.threshold' | 'kibana.alert.group' > & { // Defining a custom type for this because the schema generation script doesn't allow explicit null values [ALERT_EVALUATION_VALUES]?: Array; [ALERT_EVALUATION_THRESHOLD]?: Array; + [ALERT_GROUP]?: Group[]; }; export const createInventoryMetricThresholdExecutor = From b88c46d8c76acc984a52a37aa11c1089e1a9877f Mon Sep 17 00:00:00 2001 
From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Tue, 23 Jul 2024 16:37:39 +0000 Subject: [PATCH 6/7] [CI] Auto-commit changed files from 'node scripts/generate codeowners' --- .github/CODEOWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index e08bcbeff8ef61..4ca81011a01176 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -616,6 +616,7 @@ x-pack/plugins/observability_solution/observability_ai_assistant_app @elastic/ob x-pack/plugins/observability_solution/observability_ai_assistant_management @elastic/obs-ai-assistant x-pack/plugins/observability_solution/observability_ai_assistant @elastic/obs-ai-assistant x-pack/packages/observability/alert_details @elastic/obs-ux-management-team +x-pack/packages/observability/alerting_rule_utils @elastic/obs-ux-management-team x-pack/packages/observability/alerting_test_data @elastic/obs-ux-management-team x-pack/test/cases_api_integration/common/plugins/observability @elastic/response-ops x-pack/packages/observability/get_padded_alert_time_range_util @elastic/obs-ux-management-team From 6ed8f3ae6295ddce3134a33710e54ecccac2129e Mon Sep 17 00:00:00 2001 From: Maryam Saeidi Date: Wed, 24 Jul 2024 10:35:28 +0200 Subject: [PATCH 7/7] Fix type --- .../custom_threshold_rule/group_by_fired.ts | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/group_by_fired.ts b/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/group_by_fired.ts index 94e1d8de9ae38f..6f4402575ac7c0 100644 --- a/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/group_by_fired.ts +++ b/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/group_by_fired.ts 
@@ -225,21 +225,20 @@ export default function ({ getService }: FtrProviderContext) { expect(resp.hits.hits[0]._source).property('event.dataset', 'system.cpu'); expect(resp.hits.hits[0]._source).not.property('container.cpu'); - expect(resp.hits.hits[0]._source['kibana.alert.group'][0]).eql({ + const alertGroups = (resp.hits.hits[0]._source as any)?.['kibana.alert.group']; + expect(alertGroups[0]).eql({ field: 'host.name', value: 'host-0', }); - expect(resp.hits.hits[0]._source['kibana.alert.group'][1]).eql({ + expect(alertGroups[1]).eql({ field: 'container.id', value: 'container-0', }); - expect(resp.hits.hits[0]._source['kibana.alert.group'][2]).eql({ + expect(alertGroups[2]).eql({ field: 'event.dataset', value: 'system.cpu', }); - expect(resp.hits.hits[0]._source['kibana.alert.group'][3].value).contain( - 'kbn-data-forge-fake_hosts.fake_hosts' - ); + expect(alertGroups[3].value).contain('kbn-data-forge-fake_hosts.fake_hosts'); expect(resp.hits.hits[0]._source).property('kibana.alert.evaluation.threshold').eql([0.2]); expect(resp.hits.hits[0]._source) .property('kibana.alert.rule.parameters')
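Review bot: `(resp.hits.hits[0]._source as any)?.['kibana.alert.group']` switches off type checking for the whole alert document, and the optional chain allows `alertGroups` to be `undefined`. In that case `alertGroups[0]` fails with a TypeError instead of a readable assertion failure. A narrow cast keeps the checker on: `const alertGroups = (resp.hits.hits[0]._source as { 'kibana.alert.group'?: Array<{ field: string; value: string }> })['kibana.alert.group'];`. Adding `expect(Array.isArray(alertGroups)).eql(true);` before the indexed checks makes a missing field fail as an assertion.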