From 094aa6079045ed0f7118cf22f894ad6997ba27a7 Mon Sep 17 00:00:00 2001
From: Ying Mao
Date: Wed, 7 Apr 2021 10:58:32 -0400
Subject: [PATCH] Namespacing alert data within schema with kibana
---
 .../common/alert_history_schema.test.ts | 20 ++++++-----
 .../actions/common/alert_history_schema.ts | 2 +-
 .../alert_history_es_index/mappings.json | 36 ++++++++++---------
 .../preconfigured_alert_history_connector.ts | 16 ++++-----
 4 files changed, 40 insertions(+), 34 deletions(-)
diff --git a/x-pack/plugins/actions/common/alert_history_schema.test.ts b/x-pack/plugins/actions/common/alert_history_schema.test.ts
index 4ce9a96fd8e1e..42a3d98c85fc7 100644
--- a/x-pack/plugins/actions/common/alert_history_schema.test.ts
+++ b/x-pack/plugins/actions/common/alert_history_schema.test.ts
@@ -60,7 +60,7 @@ describe('buildAlertHistoryDocument', () => {
 it(`doesn't include context if context is empty`, () => {
 const alertHistoryDoc = buildAlertHistoryDocument(getVariables({ context: {} }));
 expect(alertHistoryDoc).not.toBeNull();
- expect(alertHistoryDoc!.alert?.context).toBeFalsy();
+ expect(alertHistoryDoc!.kibana?.alert?.context).toBeFalsy();
 });
 it(`doesn't include params if params is empty`, () => {
@@ -88,16 +88,18 @@ describe('buildAlertHistoryDocument', () => {
 it('builds alert history document from variables', () => {
 expect(buildAlertHistoryDocument(getVariables())).toEqual({
 '@timestamp': '2021-01-01T00:00:00.000Z',
- alert: {
- actionGroup: 'action-group-id',
- actionGroupName: 'Action Group',
- context: {
- 'rule-type': {
- contextVar1: 'contextValue1',
- contextVar2: 'contextValue2',
+ kibana: {
+ alert: {
+ actionGroup: 'action-group-id',
+ actionGroupName: 'Action Group',
+ context: {
+ 'rule-type': {
+ contextVar1: 'contextValue1',
+ contextVar2: 'contextValue2',
+ },
 },
+ id: 'alert-id',
 },
- id: 'alert-id',
 },
 event: {
 kind: 'alert',
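Review bot: The updated assertion `expect(alertHistoryDoc!.kibana?.alert?.context).toBeFalsy()` in the first hunk also passes when `kibana` or `kibana.alert` is missing entirely, so it would not catch the builder dropping the whole alert object or writing it back at the old top-level `alert` path. Adding `expect(alertHistoryDoc).not.toHaveProperty('alert');` next to it pins the old path as gone. Asserting that `kibana.alert` itself is defined would be tighter, assuming getVariables() still supplies the other alert fields when only `context` is overridden (its defaults are not visible in this hunk). The second hunk's full `toEqual` already covers the populated case.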
diff --git a/x-pack/plugins/actions/common/alert_history_schema.ts b/x-pack/plugins/actions/common/alert_history_schema.ts
index dcfc7fe2c9a71..e1c923ab23f44 100644
--- a/x-pack/plugins/actions/common/alert_history_schema.ts
+++ b/x-pack/plugins/actions/common/alert_history_schema.ts
@@ -64,7 +64,7 @@ export const buildAlertHistoryDocument = (variables: Record) =>
 ...(tags && tags.length > 0 ? { tags } : {}),
 ...(context?.message ? { message: context.message } : {}),
 ...(!isEmpty(rule) ? { rule } : {}),
- ...(!isEmpty(alert) ? { alert } : {}),
+ ...(!isEmpty(alert) ? { kibana: { alert } } : {}),
 };
 return !isEmpty(alertHistoryDoc) ? { ...alertHistoryDoc, event: { kind: 'alert' } } : null;
diff --git a/x-pack/plugins/actions/server/preconfigured_connectors/alert_history_es_index/mappings.json b/x-pack/plugins/actions/server/preconfigured_connectors/alert_history_es_index/mappings.json
index 42c2adc0d0b30..56047f30d9489 100644
--- a/x-pack/plugins/actions/server/preconfigured_connectors/alert_history_es_index/mappings.json
+++ b/x-pack/plugins/actions/server/preconfigured_connectors/alert_history_es_index/mappings.json
@@ -4,23 +4,27 @@
 "@timestamp": {
 "type": "date"
 },
- "alert": {
+ "kibana": {
 "properties": {
- "actionGroup": {
- "type": "keyword"
- },
- "actionGroupName": {
- "type": "keyword"
- },
- "actionSubgroup": {
- "type": "keyword"
- },
- "context": {
- "type": "object",
- "enabled": false
- },
- "id": {
- "type": "keyword"
+ "alert": {
+ "properties": {
+ "actionGroup": {
+ "type": "keyword"
+ },
+ "actionGroupName": {
+ "type": "keyword"
+ },
+ "actionSubgroup": {
+ "type": "keyword"
+ },
+ "context": {
+ "type": "object",
+ "enabled": false
+ },
+ "id": {
+ "type": "keyword"
+ }
+ }
 }
 }
 },
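Review bot: The new `{ kibana: { alert } }` spread carries no comment, although the field path it produces is now a contract shared with alert_history_es_index/mappings.json and with anything that queries the index. A one-line comment above it would keep the two from drifting, e.g. `// alert fields are written under kibana.alert.*; keep in sync with alert_history_es_index/mappings.json`. The `kibana` key is still omitted when `alert` is empty, so consumers have to treat it as optional, as the unit test does with `kibana?.alert`. The body of buildAlertHistoryDocument starts and ends outside this hunk.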
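Review bot: The `alert` object mapping is moved under `kibana` in place, and nothing in this patch handles an index that was already created with the old top-level `alert` mapping. If such an index exists, new documents carrying `kibana.alert.*` would fall outside its explicit mapping; how they are treated depends on the index's dynamic setting, which this hunk does not show. Saved queries or detections keyed on `alert.id` or `alert.actionGroup` would also stop matching new documents without raising an error. It is worth confirming that no index has been created from the old mapping yet, or recording the field move in the release notes so consumers can update their queries.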
diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/actions/builtin_action_types/preconfigured_alert_history_connector.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/actions/builtin_action_types/preconfigured_alert_history_connector.ts
index c31e1105fb132..cf8a0f99d4394 100644
--- a/x-pack/test/alerting_api_integration/spaces_only/tests/actions/builtin_action_types/preconfigured_alert_history_connector.ts
+++ b/x-pack/test/alerting_api_integration/spaces_only/tests/actions/builtin_action_types/preconfigured_alert_history_connector.ts
@@ -81,10 +81,10 @@ export default function preconfiguredAlertHistoryConnectorTests({
 expect(indexedDoc.rule.params[ruleTypeId.replace('.', '__')]).to.eql(testRuleData.params);
 expect(indexedDoc.rule.space).to.eql(spaceId);
 expect(indexedDoc.rule.type).to.eql(ruleTypeId);
- expect(indexedDoc.alert.id).to.eql(alertId);
- expect(indexedDoc.alert.context[ruleTypeId.replace('.', '__')] != null).to.eql(true);
- expect(indexedDoc.alert.actionGroup).to.eql('default');
- expect(indexedDoc.alert.actionGroupName).to.eql('Default');
+ expect(indexedDoc.kibana.alert.id).to.eql(alertId);
+ expect(indexedDoc.kibana.alert.context[ruleTypeId.replace('.', '__')] != null).to.eql(true);
+ expect(indexedDoc.kibana.alert.actionGroup).to.eql('default');
+ expect(indexedDoc.kibana.alert.actionGroupName).to.eql('Default');
 });
 });
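Review bot: The rewritten context assertion still builds its key with `ruleTypeId.replace('.', '__')`, and a string pattern replaces only the first dot. If the server escapes every dot (that code is not in this patch), a rule type id with two or more dots would make the lookup miss, and the failure would not point at the key. Using `ruleTypeId.replace(/\./g, '__')` avoids that. The check itself, `!= null).to.eql(true)`, only proves the key exists, so comparing against the expected context object would make the moved path meaningful. The same four lines are repeated in the second hunk at -119,10, so the note applies there too.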
@@ -119,10 +119,10 @@ export default function preconfiguredAlertHistoryConnectorTests({
 expect(indexedDoc.rule.params[ruleTypeId.replace('.', '__')]).to.eql(testRuleData.params);
 expect(indexedDoc.rule.space).to.eql(spaceId);
 expect(indexedDoc.rule.type).to.eql(ruleTypeId);
- expect(indexedDoc.alert.id).to.eql(alertId);
- expect(indexedDoc.alert.context[ruleTypeId.replace('.', '__')] != null).to.eql(true);
- expect(indexedDoc.alert.actionGroup).to.eql('default');
- expect(indexedDoc.alert.actionGroupName).to.eql('Default');
+ expect(indexedDoc.kibana.alert.id).to.eql(alertId);
+ expect(indexedDoc.kibana.alert.context[ruleTypeId.replace('.', '__')] != null).to.eql(true);
+ expect(indexedDoc.kibana.alert.actionGroup).to.eql('default');
+ expect(indexedDoc.kibana.alert.actionGroupName).to.eql('Default');
 });
 });
 });