Namespacing alert data within schema with kibana

elastic · Apr 7, 2021 · 094aa60 · 094aa60
1 parent 095b495
commit 094aa60
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 34 deletions.
diff --git a/x-pack/plugins/actions/common/alert_history_schema.test.ts b/x-pack/plugins/actions/common/alert_history_schema.test.ts
@@ -60,7 +60,7 @@ describe('buildAlertHistoryDocument', () => {
   it(`doesn't include context if context is empty`, () => {
     const alertHistoryDoc = buildAlertHistoryDocument(getVariables({ context: {} }));
     expect(alertHistoryDoc).not.toBeNull();
-    expect(alertHistoryDoc!.alert?.context).toBeFalsy();
+    expect(alertHistoryDoc!.kibana?.alert?.context).toBeFalsy();
   });
 
   it(`doesn't include params if params is empty`, () => {
@@ -88,16 +88,18 @@ describe('buildAlertHistoryDocument', () => {
   it('builds alert history document from variables', () => {
     expect(buildAlertHistoryDocument(getVariables())).toEqual({
       '@timestamp': '2021-01-01T00:00:00.000Z',
-      alert: {
-        actionGroup: 'action-group-id',
-        actionGroupName: 'Action Group',
-        context: {
-          'rule-type': {
-            contextVar1: 'contextValue1',
-            contextVar2: 'contextValue2',
+      kibana: {
+        alert: {
+          actionGroup: 'action-group-id',
+          actionGroupName: 'Action Group',
+          context: {
+            'rule-type': {
+              contextVar1: 'contextValue1',
+              contextVar2: 'contextValue2',
+            },
           },
+          id: 'alert-id',
         },
-        id: 'alert-id',
       },
       event: {
         kind: 'alert',

diff --git a/x-pack/plugins/actions/common/alert_history_schema.ts b/x-pack/plugins/actions/common/alert_history_schema.ts
@@ -64,7 +64,7 @@ export const buildAlertHistoryDocument = (variables: Record<string, unknown>) =>
     ...(tags && tags.length > 0 ? { tags } : {}),
     ...(context?.message ? { message: context.message } : {}),
     ...(!isEmpty(rule) ? { rule } : {}),
-    ...(!isEmpty(alert) ? { alert } : {}),
+    ...(!isEmpty(alert) ? { kibana: { alert } } : {}),
   };
 
   return !isEmpty(alertHistoryDoc) ? { ...alertHistoryDoc, event: { kind: 'alert' } } : null;

diff --git a/x-pack/plugins/actions/server/preconfigured_connectors/alert_history_es_index/mappings.json b/x-pack/plugins/actions/server/preconfigured_connectors/alert_history_es_index/mappings.json
@@ -4,23 +4,27 @@
         "@timestamp": {
             "type": "date"
         },
-        "alert": {
+        "kibana": {
             "properties": {
-                "actionGroup": {
-                    "type": "keyword"
-                },
-                "actionGroupName": {
-                    "type": "keyword"
-                },
-                "actionSubgroup": {
-                    "type": "keyword"
-                },
-                "context": {
-                    "type": "object",
-                    "enabled": false
-                },
-                "id": {
-                    "type": "keyword"
+                "alert": {
+                    "properties": {
+                        "actionGroup": {
+                            "type": "keyword"
+                        },
+                        "actionGroupName": {
+                            "type": "keyword"
+                        },
+                        "actionSubgroup": {
+                            "type": "keyword"
+                        },
+                        "context": {
+                            "type": "object",
+                            "enabled": false
+                        },
+                        "id": {
+                            "type": "keyword"
+                        }
+                    }
                 }
             }
         },

diff --git a/...n/spaces_only/tests/actions/builtin_action_types/preconfigured_alert_history_connector.ts b/...n/spaces_only/tests/actions/builtin_action_types/preconfigured_alert_history_connector.ts
@@ -81,10 +81,10 @@ export default function preconfiguredAlertHistoryConnectorTests({
         expect(indexedDoc.rule.params[ruleTypeId.replace('.', '__')]).to.eql(testRuleData.params);
         expect(indexedDoc.rule.space).to.eql(spaceId);
         expect(indexedDoc.rule.type).to.eql(ruleTypeId);
-        expect(indexedDoc.alert.id).to.eql(alertId);
-        expect(indexedDoc.alert.context[ruleTypeId.replace('.', '__')] != null).to.eql(true);
-        expect(indexedDoc.alert.actionGroup).to.eql('default');
-        expect(indexedDoc.alert.actionGroupName).to.eql('Default');
+        expect(indexedDoc.kibana.alert.id).to.eql(alertId);
+        expect(indexedDoc.kibana.alert.context[ruleTypeId.replace('.', '__')] != null).to.eql(true);
+        expect(indexedDoc.kibana.alert.actionGroup).to.eql('default');
+        expect(indexedDoc.kibana.alert.actionGroupName).to.eql('Default');
       });
     });
 
@@ -119,10 +119,10 @@ export default function preconfiguredAlertHistoryConnectorTests({
         expect(indexedDoc.rule.params[ruleTypeId.replace('.', '__')]).to.eql(testRuleData.params);
         expect(indexedDoc.rule.space).to.eql(spaceId);
         expect(indexedDoc.rule.type).to.eql(ruleTypeId);
-        expect(indexedDoc.alert.id).to.eql(alertId);
-        expect(indexedDoc.alert.context[ruleTypeId.replace('.', '__')] != null).to.eql(true);
-        expect(indexedDoc.alert.actionGroup).to.eql('default');
-        expect(indexedDoc.alert.actionGroupName).to.eql('Default');
+        expect(indexedDoc.kibana.alert.id).to.eql(alertId);
+        expect(indexedDoc.kibana.alert.context[ruleTypeId.replace('.', '__')] != null).to.eql(true);
+        expect(indexedDoc.kibana.alert.actionGroup).to.eql('default');
+        expect(indexedDoc.kibana.alert.actionGroupName).to.eql('Default');
       });
     });
   });