[maps][alerting] fix ES query rule boundary field changed when editing the rule (#165155)

Fixes #163959

While digging into the original issue, it was determined that the
existing components were unsalvageable. Fixing all of the issues would
have required more work than just starting over. Problems with original
components include:
1) Updating rule state on component load. This is the cause of the
reported bug.
2) Lack of loading state when performing async tasks, like loading data
views.
3) Not displaying validation errors. When users clicked "save" with
missing configuration, no UI notifications were displayed.
4) Heavy use of EuiExpression made it impossible to view all
configuration at a single time.

Now, geo containment form:
1) Only updates rule state when users interact with inputs.
2) Displays loading state when performing async tasks, like loading data
views.
3) Displays validation errors
4) Has a simpler UI that allows users to see all configuration
information at the same time.

<img width="300" alt="Screen Shot 2023-08-30 at 5 34 00 PM"
src="https://github.com/elastic/kibana/assets/373691/65abfa5d-6c8e-45a9-b69f-cc07f5be7184">

<img width="300" alt="Screen Shot 2023-08-30 at 5 34 48 PM"
src="https://github.com/elastic/kibana/assets/373691/63b5af12-7104-43ae-a836-0236cf9d1e98">

---------

Co-authored-by: kibanamachine <[email protected]>
nreese and kibanamachine authored Sep 6, 2023
1 parent 633aebe commit 118ea87
Showing 31 changed files with 944 additions and 1,722 deletions.
Binary file not shown.
40 changes: 7 additions & 33 deletions docs/user/alerting/rule-types/geo-rule-types.asciidoc
Expand Up @@ -2,51 +2,25 @@
[[geo-alerting]]
== Tracking containment

<<maps, Maps>> offers the tracking containment rule type which runs an {es} query over indices to determine whether any
documents are currently contained within any boundaries from the specified boundary index.
In the event that an entity is contained within a boundary, an alert may be generated.
The tracking containment rule alerts when an entity is contained or no longer contained within a boundary.

[float]
=== Requirements
To create a tracking containment rule, the following requirements must be present:

- *Tracks index or data view*: An index containing a `geo_point` or `geo_shape` field, `date` field,
and some form of entity identifier. An entity identifier is a `keyword` or `number`
field that consistently identifies the entity to be tracked. The data in this index should be dynamically
updating so that there are entity movements to alert upon.
- *Boundaries index or data view*: An index containing `geo_shape` data, such as boundary data and bounding box data.
This data is presumed to be static (not updating). Shape data matching the query is
harvested once when the rule is created and anytime after when the rule is re-enabled
after disablement.
- *Entities index*: An index containing a `geo_point` or `geo_shape` field, `date` field, and entity identifier. An entity identifier is a `keyword`, `number`, or `ip` field that identifies the entity. Entity data is expected to be updating so that there are entity movements to alert upon.
- *Boundaries index*: An index containing `geo_shape` data.
Boundaries data is expected to be static (not updating). Boundaries are collected once when the rule is created and anytime after when boundary configuration is modified.

By design, current interval entity locations (_current_ is determined by `date` in
the *Tracked index or data view*) are queried to determine if they are contained
within any monitored boundaries. Entity
data should be somewhat "real time", meaning the dates of new documents aren’t older
Entity locations are queried to determine if they are contained within any monitored boundaries.
Entity data should be somewhat "real time", meaning the dates of new documents aren’t older
than the current time minus the amount of the interval. If data older than
`now - <current interval>` is ingested, it won't trigger a rule.

[float]
=== Rule conditions

Tracking containment rules have three clauses that define the condition to detect,
as well as two Kuery bars used to provide additional filtering context for each of the indices.

[role="screenshot"]
image::user/alerting/images/alert-types-tracking-containment-conditions.png[Define the condition to detect,width=75%]
// NOTE: This is an autogenerated screenshot. Do not edit it directly.

Index (entity):: This clause requires an *index or data view*, a *time field* that will be used for the *time window*, and a *`geo_point` or `geo_shape` field* for tracking.
Index (Boundary):: This clause requires an *index or data view*, a *`geo_shape` field*
identifying boundaries, and an optional *Human-readable boundary name* for better alerting
messages.

[float]
=== Actions

Conditions for how a rule is tracked can be specified uniquely for each individual action.
A rule can be triggered either when a containment condition is met or when an entity
is no longer contained.
A rule can be triggered either when a containment condition is met or when an entity is no longer contained.

[role="screenshot"]
image::user/alerting/images/alert-types-tracking-containment-action-options.png[Action frequency options for an action,width=75%]
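
Review bot: The replacement *Boundaries index* text says boundaries are collected when the rule is created and when boundary configuration is modified, but the earlier wording about re-collection when the rule is re-enabled is gone with no statement of whether that still happens. Since boundaries data is described as expected to be static, state explicitly how an operator picks up changed boundary documents, for example whether disabling and re-enabling the rule still refreshes them. The requirement names also drop "or data view" although the commit message describes the form loading data views; keep the term if the form still selects data views.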
Expand Up @@ -14,10 +14,7 @@ import { EuiComboBox, EuiComboBoxProps } from '@elastic/eui';
import type { DataViewsContract } from '@kbn/data-views-plugin/public';

export type IndexPatternSelectProps = Required<
Omit<
EuiComboBoxProps<any>,
'isLoading' | 'onSearchChange' | 'options' | 'selectedOptions' | 'onChange'
>,
Omit<EuiComboBoxProps<any>, 'onSearchChange' | 'options' | 'selectedOptions' | 'onChange'>,
'placeholder'
> & {
onChange: (indexPatternId?: string) => void;
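
Review bot: Dropping `'isLoading'` from the `Omit` list makes it a caller-supplied prop on `IndexPatternSelectProps`, but the type carries no comment on how it relates to the component's own loading state. Add a short doc comment saying the caller's flag is combined with the internal state rather than replacing it, so callers do not expect `isLoading={false}` to hide the spinner while the component runs its own fetch.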
Expand Down Expand Up @@ -155,7 +152,7 @@ export default class IndexPatternSelect extends Component<IndexPatternSelectInte
{...rest}
placeholder={placeholder}
singleSelection={true}
isLoading={this.state.isLoading}
isLoading={this.state.isLoading || this.props.isLoading}
onSearchChange={this.fetchOptions}
options={this.state.options}
selectedOptions={this.state.selectedIndexPattern ? [this.state.selectedIndexPattern] : []}
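
Review bot: On the `isLoading=` line, `this.state.isLoading || this.props.isLoading` yields `undefined` rather than `false` when the internal state is false and the caller omits the prop. Wrapping it as `Boolean(this.state.isLoading || this.props.isLoading)`, or defaulting the prop, keeps the value handed to the combo box a strict boolean.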
Expand Up @@ -15,11 +15,11 @@ export function getRuleType(): RuleTypeModel<GeoContainmentAlertParams> {
return {
id: '.geo-containment',
description: i18n.translate('xpack.stackAlerts.geoContainment.descriptionText', {
defaultMessage: 'Alert when an entity is contained within a geo boundary.',
defaultMessage: 'Alert when an entity is contained or no longer contained within a boundary.',
}),
iconClass: 'globe',
documentationUrl: null,
ruleParamsExpression: lazy(() => import('./query_builder')),
ruleParamsExpression: lazy(() => import('./rule_form')),
validate: validateExpression,
requiresAppContext: false,
};
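
Review bot: `documentationUrl: null` is left unchanged even though this commit updates the tracking containment page in docs/user/alerting/rule-types/geo-rule-types.asciidoc. Consider pointing `documentationUrl` at that page so the rule form links to the requirements it describes. Separately, the `defaultMessage` text changed under the same id `xpack.stackAlerts.geoContainment.descriptionText`; check that existing translations for that id are refreshed.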

This file was deleted.
